SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Cyber attacks target New Zealand charities
Fri, 16th Jan 2015
FYI, this story is more than a year old

Cyber criminals are launching attacks on New Zealand charities, according to NetSafe.

Auckland-based NetSafe has received two reports of cyber criminals launching automated attacks that attempt to validate large numbers of stolen credit cards this week, and is warning New Zealand charities to be on alert when taking online donations.

In the first incident, almost 50,000 attempts were made to rapidly submit fake donations through a website form with the aim being to test which credit cards could be used for subsequent online fraud or sold on to other internet scammers.

More than 2000 successful donations were made resulting in the charity having to enlist the help of their bank and merchant account provider to refund the fraudulent payments. They also spent time dealing with enquiries from cardholders around the world questioning the transactions.

A second incident yesterday saw another charity website hit with 11,000 payment requests resulting in more than 250 donations to their bank account.

In both cases, the automated attacks had been launched from a Brazilian IP address and NetSafe says it is encouraging charities and other small businesses that take payments online to take steps to secure their websites and contact their bank or payment provider about ways to prevent online fraud.

“Credit card fraud is an ongoing issue for any organisation that takes payments over the internet,” says Chris Hails, NetSafe digital project manager.

“The American security company PhishLabs warned that charity websites were being targeted by cyber criminals to validate stolen cards in November last year and they believe that these smaller organisations have fewer internet defences in place than larger retailers and are thus an easy target,” he says.

“Being the target of such an attack can mean hours of staff time cleaning up afterwards and could potentially cost your organisation money or find you blocked from taking future donations online.

The warning comes just a week after New Zealand's Banking Ombudsman predicted that complaints to her office about scams would increase in 2015.

NetSafe recorded more than 8000 incidents in 2014 including a wide range of cyber security issues ranging from phishing attempts to ransomware.