Scoop has an Ethical Paywall
Work smarter with a Pro licence Learn More

Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

New Zealand retail chain targeted with spear phishing attack

FOR IMMEDIATE RELEASE

New Zealand retail chain targeted with spear phishing attack by international cyber criminals

Auckland, 27 September 2013

NetSafe is warning New Zealand businesses to be on the alert after a major retail chain was targeted by cyber criminals in a well planned phishing attack that attempted to convince store staff to install rogue software on their computers.

IT staff at the company found one branch had downloaded a file and infected computer systems after being called by an individual claiming to work for the well-known chain. The caller, who identified himself as a senior member of the company, directed employees to a fake website that was designed to look like the official tech support site.

Following instructions from the caller, staff at the store downloaded a malicious program that tried to take over computers. Fortunately, the company's real IT staff noticed what was happening and managed to block further access to the fake website on all their systems before cleaning up and alerting all stores to the bogus caller. No data was accessed or lost.

"The effort that has gone into creating a convincing fake website and the use of a real executive's name is what concerns us," said Chris Hails, NetSafe's cyber security programme manager.

"The website which delivered the malicious software was designed using the company's branding, logo and corporate style and the criminals had gone to some effort to register a .co.nz URL which contained the chain's name," said Hails.

Advertisement - scroll to continue reading

Are you getting our free newsletter?

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.

The FBI warned Americans back in July that spear phishing attacks targeting business executives and selected companies were on the rise but this is the first time that NetSafe has received this kind of report from a New Zealand company.

"This is well beyond common phishing tactics designed to harvest account login details - the cold caller posed as a genuine member of the company and tried to convince store staff that they should download the system update," said Hails.

"This is targeted spear phishing and could have seriously impacted on the business if IT staff had not been quick to respond by blocking access to the fake site and warning all branches."

The website was registered to a Nigerian address through an Indian company and based in Switzerland. NetSafe is concerned that the overseas criminals involved may try to use this set-up again to target another New Zealand business and is encouraging companies to warn their staff about these kinds of threats arriving via email and over the phone.

Help and advice from NetSafe

NetSafe highlighted the risks associated with online phishing attacks back in May this year as part of Cyber Security Awareness Week. The non-profit published a light-hearted take on the famous fish and chip shop poster designed by cartoonist Chris Slane and titled 'New Zealand Phishing Species'.

The 'phish' can be seen online at www.securitycentral.org.nz/phishing/ and businesses of any size keen to educate their staff on cyber threats can order free copies of the poster and other resources from NetSafe by calling 0508 NETSAFE or emailing queries@netsafe.org.nz.

You can report your concerns about cyber incidents in one central location at www.theorb.org.nz. NetSafe will direct your report through to the partner best able to investigate or advise you. For preventative computer security advice visit www.securitycentral.org.nz.

ENDS

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
GenPro: General Practices Begin Issuing Clause 14 Notices

GenPro has been copied into a rising number of Clause 14 notices issued since the NZNO lodged its Primary Practice Pay Equity Claim against General Practice employers in December 2023.More

SPADA: Screen Industry Unites For Streaming Platform Regulation & Intellectual Property Protections

In an unprecedented international collaboration, representatives of screen producing organisations from around the world have released a joint statement.More

 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.