Hackers, phishers targeting Kiwis

Thousands of taxpayers have been targeted by international scammers as criminal syndicates take advantage of ever-advancing computer technology.

Cyber attacks have been identified as one of the key threats from organised crime in New Zealand and around the globe.

Bank accounts, credit cards, home addresses, medical records, IRD numbers, drivers' licences, birthdates even state secrets - all are at risk in the online age where they can be stolen through a computer on the other side of the world.

Security experts say it is impossible to know how many cyber attacks occur in New Zealand. But figures released by the Inland Revenue Department show that more than 5000 "phishing" attempts have been reported since the first in September 2010.

The IRD brand was used in 103 different phishing scams and each one promised a tax refund to attempt to obtain either online banking logon details or credit card information, according to the documents released under the Official Information Act.

"In a more sinister tactic, the hackers use special tools to scan for home computers which have holes in their security," according to an internal IRD security memo.

"When hackers find these computers, they hack in, install web server software and load up malicious pages.

Without the computer owner's knowledge, the home computer is then used to serve the phishing website to the internet.

"The phishers cast their bait by obtaining a list of email addresses, which can be bought for a small fee in hacker forums. We uncovered one of these lists left on one of the hacked computers. It had 12,000 NZ-based email addresses."

The IRD said it had no way to determine the number of instances where online banking details or credit card information has been provided to the phisher.

None of the major banks contacted by the Herald - ANZ, Westpac, ASB, BNZ - would release exact details but all said attacks were rising.

Most were unsuccessful but a cyber group sending thousands of phishing emails every day needs only a small strike rate to be successful.

The threat of cyber crime has been recognised as a key area in government strategy papers and led to the establishment of a specialist centre within the Government Communications Security Bureau.

There is also an intelligence group inside the Department of the Prime Minister and Cabinet which has a co- ordination role.

"Criminals are increasingly using cyberspace to gain access to personal information, steal intellectual property and gain knowledge of government-held information for financial or political gain or other malicious purposes," wrote Cabinet Minister Steven Joyce in the National Cyber Security Strategy paper. "National borders present no barrier."

The report estimates that 70 per cent of New Zealanders have been targets of some form of cyber crime, with most common complaints being computer scams, fraud and viruses or malware.

Of those, international data suggested 133,000 individuals fell prey to identity or bank fraud. Criminals are also finding increasingly sophisticated ways to obtain information online, including using social networking sites such as Facebook and Twitter.

Users of the popular sites are being lured to other websites to put malware on the computer, or exploit the profile information (birthdates, phone numbers, employment details) to mount targeted attacks.

The boom in online shopping has led to problems too.

The Herald has revealed that scammers from Indonesia, Nigeria and eastern Europe sent "phishing" emails to Trade Me users, pretending they were from the online auction site and asking for personal details.

And in 2010, the FBI and Romanian authorities arrested 70 individuals from three separate syndicates for an online auction scam targeting eBay users.

The fraud netted more than $2 million from 800 victims in 11 countries, including New Zealand.

Paul Stokes is a senior executive at Wynyard Group, a New Zealand company whose intelligence and investigative software is used by dozens of law enforcement agencies around the world.

He said it was impossible to tell how many cyber attacks there were in New Zealand each day and malware "remains the greatest problem, but not the real threat".

"The real threat is the individual or organised crime network operating the malware and their agenda. Today, that agenda can include financial gain, identity theft, theft of state secrets or intellectual property."

Power or phone bills can be used to track personal details, or commit identity theft to open bank accounts and obtain loans. Medical records are used to commit insurance fraud, dates of birth for identity theft, as well as credit card details.

"The list is endless," said Mr Stokes.

"What is rapidly changing, however, is how these lists are accumulated, aggregated with other information and sold through online underworld networks to facilitate crimes against New Zealanders from anywhere in the world."

- Jared Savage of the New Zealand Herald

Add a Comment