Cybercrime

Cybercrime, also known as technology enabled crime, electronic crime, e-crime or online crime, refers to criminal activity that involves the Internet, a computer, smartphone or other electronic devices

Cybercrime covers a wide range of incidents, from pure cybercrime where computers are the target (for example computer intrusions), through to cyber-enabled crime where the technology is used to assist in committing a crime. Most crimes now have a technology component.

Pure cybercrime

Pure cybercrime offences are defined in Crimes Act 1961, sections 249 to 252 under Crimes involving computers. Cybercrime is defined as a criminal act that can only be committed through the use of ICT or the Internet and where the computer or network is the target of the offence. This is regardless of what the criminal goal is – whether political, financial gain, espionage or any other reason and these include:

  • Computer intrusion
  • Attack on a computer system
  • Malicious software
  • Ransomware attacks

Computer intrusion

Computer intrusion, commonly referred to as hacking, is gaining unauthorised access directly or indirectly to a computer system which can include a desktop, laptop, smart phone, tablet, server or other device regardless of whether it is connected to the internet or not.

Other than physical access, it may take the form of someone gaining access to your account via the internet such as email, online banking, social network (e.g. Facebook, Instagram, Twitter, etc.), remote work login, or other.

Access can be obtained by many methods, either directly, by deception or discreetly, by appearing harmless and associated with something seemingly legitimate. Such examples include:

  • Poor password management such as being easily guessed or the same password used for other accounts which has been obtained from another source
  • Installing malicious software pretending to be harmless such as software downloaded and installed from a website or a mobile app
  • Submitting your login details at an illegitimate website from a link you clicked on from an email you received
  • Continual and persistent combinations of usernames and passwords used to guess a login
  • Receiving a telephone call from someone pretending to be a service provider or government agency requesting you to install software to give them remote access to your computer

If your account has been accessed without your consent then contact the administrator and/or provider and seek assistance to regain access, and secure the account by resetting the password and enabling additional security login measures.

Attacks on a computer system

An attack on a computer system is any type of offensive act that targets computer data, information, infrastructure, network, cloud or any personal computer devices.

A computer attack can range from installing malware on a personal computer to crippling countries' critical national infrastructure and can be conducted intentionally or recklessly and without authorisation, resulting in damaging, deleting, modifying, or otherwise interfering with or impairing any data or software in any computer system.

Below are some common types of cyber security attacks against computer systems:

  • SQL Injection attacks (SQLi)
  • Cross-Site Scripting (XSS)
  • Man-in-the-Middle (MITM) attacks
  • Malware attacks
  • Denial-of-Service (DoS) attacks
  • Brute-Force and Dictionary attacks

Defending against computer system attacks requires many layers of defence and some of these may include:

  • Application security
  • Multi-factor authentication
  • User access controls
  • Authorisation
  • Encryption
  • Firewall
  • Education

Malicious software

Malicious software, often called malware, are programs that can perform tasks often discreetly without detection by the user such as;

  • Record every key typed on your computer, capture screenshots and obtain files and saved passwords
  • Encrypt your personal files so they are no longer accessible
  • Provide discreet remote access to your computer
  • Enable recording from your webcam
  • Use your hardware resources to mine cryptocurrency
  • Use your internet connection as a proxy or redirect you to other websites
  • Conduct computer attacks against other internet connections

Malware can be installed by anyone who has physical or remote access to a computer, 'harmless' looking email attachments, or be part of software downloaded off the internet.

There are preventive measures that you can take to reduce the possibility of infection and the impact of malware, which is highly recommended, and those include:

  • Do not open unexpected emails and their attachments or click on links embedded in them
  • Regularly update your operating system such as Microsoft Windows, anti-virus software, web browser, and other programs to protect yourself against the latest vulnerabilities exploited by malware
  • Be suspicious of any unexpected web browser pop-up ads or instant messages requesting you to install any type of software. This can often take the appearance of a security alert, account verification, video plugin, or a promotional offer
  • Regularly back up your files to a separate storage device and ensure it’s disconnected when not in use
  • Reduce the opportunity of malware being installed by using a Windows user account with no administrator privileges
  • Disable the use of macros in Microsoft Office applications

Ransomware attacks

What is ransomware?

Ransomware is a type of malicious software that denies someone access to their files or computer system unless they pay a ransom. This type of attack can target anyone, from individuals and small businesses to large organisations.

The first sign of a ransomware attack is often a text file pop up or a background, or that you are suddenly unable to access or open any files.

The attacker will then demand that you pay money ‘a 'ransom' to get your files back.

Government guidance on cyber ransom payments

In April 2023, the New Zealand Government issued new guidance on cyber ransom payments for the general public, nationally significant organisations, and public sector agencies. The New Zealand Government discourages the payment of ransoms to cybercriminals and urges all victims to report any cyber ransom incidents to the relevant agencies, regardless of whether a ransom is paid. You can find the detailed guidance on the DPMC website.

For the general public, including individuals and businesses, ransomware attacks are a criminal act and should be reported to New Zealand Police.

You can find our further information below about how to report cybercrime, including ransomware attacks.

Cyber-enabled crime

Cyber-enabled crime is any criminal act that could be committed without ICT or the Internet, but is assisted, facilitated or escalated in scale by the use of technology. This includes a vast amount of serious and organised crime such as:

There are many precursors to facilitate criminal offending like phishing, cold calling, forgery, identity theft, and spam which are varying methods of social engineering. Therefore vigilance should always be used when unexpected contact is made by phone or email.

If you are reporting cybercrime then it is important to keep any electronic evidence. For information on preserving electronic evidence consult your IT system's administrator or security specialist.

Reporting cybercrime

Reporting a cybercrime is just like reporting any other offence. Learn how.