Phishing is a growing thread to vulnerable kiwis due to its sneaky and creative nature in disguising a phishing bait as a legitimate service.
Many Samoans have fallen victim to phishing scams. According to Information Security Specialist John Fuiava, numerous professionally employed Samoans are victims of these scams. The tactics used by these scammers are so sophisticated that even IT professionals have clicked on phishing links.
John conducts workshops for Aoga Amata around Auckland as part of the SAASIA Si’i le Matalalaga initiative, aimed at enhancing school digital literacy. In one of his workshops, he teaches about how to stay safe online.
In the workshop, John aims to educate participants on the widespread issues of botnets and phishing on the internet. Drawing upon his expertise and personal experiences, he seeks to illuminate the risks associated with these cyber threats and share protective measures. Feedback from parents and teachers has highlighted the relevance of this topic, revealing encounters with online scams that resulted in financial losses, malware infections, and compromised personal accounts.
Additionally, he highlights various prevalent online scams, including those conducted through email, phone calls, text messages, and social media.
The Flubot malware is a text-based phishing. It impacted a lot of people in New Zealand. Users, deceived by seemingly legitimate text messages, unwittingly clicked on phishing links. This action led to the infection of their phones, enabling the malware to autonomously send out deceptive texts to the users’ contacts without their knowledge.
Fake profile page
He also advises that when receiving an email that seemingly comes from your bank or another reputable entity, the first step should be to verify the sender’s email address. It’s crucial to determine whether it matches the official website address of your bank or appears to be from an unrelated source. Alternatively, navigating directly to the bank’s official website to log in—bypassing the email link entirely—is a safer approach.
John emphasises the importance of being proactive about phishing awareness. He suggests using tools like Total Virus to scan any dubious links, even those that seem to be from trusted sources. A clean scan result might indicate safety, but confirming with the supposed sender offers an additional layer of security, he further explained.
‘If there’s any suspicion that your phone has been compromised,’ John concludes, ‘resetting it to its factory settings is the most effective way to eradicate potential threats.
From join force with Europol, New Zealand Police have arrested three individual related from a multi-national operation called Camperdown, targeting the phishing enabler platform LabHost.
Example of attack flow
LabHost was a phishing-as-a-service (PhaaS) platform that emerged in 2021. It provided its customers with the tools and capabilities to create phishing pages that imitated the appearance of websites belonging to banks and other prominent companies and organizations. This service was designed to trick victims into disclosing their personal information, such as credit card details and passwords, by believing they were interacting with legitimate websites.
When unsuspected victims experiences a phishing scam, they could lose money or have their personal data stolen.
According to a 1News report, in an interview with Cybercrime Investigator Detective Sergeant Richard Briscoe, New Zealand Police, aided by the Auckland City and Waitematā Criminal Investigation Branches (CIB), executed three home searches across Tāmaki Makaurau. During these operations, officers confiscated numerous computers, electronic devices, and documents.
The success of the joint-force operation have resulted in the arrest of the admin of the platform on 15 April 2024 followed by arrests of the users of the plaform around the world, reported 1News today.
If you feel you are a victim, you have to report it.
How to Report Scams – https://www.dia.govt.nz/Spam-How-to-Report-Scams