Celebrating 10 years of keeping the net safe and secure!

netsafe-team-2015NetSafe’s Operations Manager Lee Chisholm celebrates a milestone this week, clocking up 10 years service with us.

Lee started work at NetSafe in April 2005 – the week before YouTube was ‘born’! – when only one in three Kiwi households had a broadband internet connection and only 6% of people could go online via their mobile phone.

Over the last 10 years, New Zealanders have rapidly made the internet part of their daily lives. The average home internet connection is now 200 times faster than it was in 2005 and most families are using multiple devices to access online services 24/7.

The ubiquity of internet access and cheap smartphones for all – it’s believed 4 out of 5 Kiwis now have one – has even lead to the concept of FoMO or Fear of Missing Out.

A network for learning

NetSafe receives the majority of its funding from the Ministry of Education and the technology landscape in New Zealand schools has also changed enormously over the last 10 years.

In 2005, all schools had an internet connection but 1 in 4 were using dial-up and only 5% of schools used a handheld device or tablet as part of lesson delivery.

Many students now bring their own device to school or use a school owned tablet in classes. With the average school internet connection now 2000 times faster, students have access to unparalleled learning opportunities.

2005 – 2015: How digital challenges have evolved

To mark Lee’s lengthy service at NetSafe, we’ll be publishing a Q&A style interview with her next week.

This Sunday, Lee will be on Newstalk ZB’s morning show at 10am to discuss this decade of rapid technological change and the impact that widespread internet adoption has had on New Zealanders.

View the image below to discover just how far we’ve come since 2005 – from a single beige box in most homes to a whole new world of connectivity. Here’s to Lee’s second decade at NetSafe as we welcome the era of the Internet of Things!

Internet-Adoption-in-New-Zealand-2005-to-2015
Click to view full size: Internet Adoption in New Zealand, 2005 to 2015

Safer Internet Day partners work to combat rising internet harms in New Zealand

New Zealand kicks off Safer Internet Day 2015 - 10th February
New Zealand kicks off Safer Internet Day 2015 – 10th February

19 organisations are joining forces to mark 2015’s Safer Internet Day (10th February 2015) in New Zealand as Kiwis report an increasing array of internet harms.

Safer Internet Day is celebrated worldwide to encourage the safe and positive use of the internet and digital technologies, especially among families and young people. New Zealand’s Safer Internet Day is being coordinated by NetSafe, the online safety and security organisation.

In 2015, 19 organisations that work with Kiwi internet users across the country are coming together to celebrate the day, promoting digital safety and security messages to customers, staff and stakeholders. The full list of supporting organisations can be viewed online and are included below.

“Safer Internet Day is about pausing to celebrate the positive work that is going on every day all around New Zealand. This global initiative highlights how creating a safer internet is a shared responsibility and we’re pleased to have so many organisations supporting the event in New Zealand,” said Martin Cocker, NetSafe’s Executive Director.

Digital Challenges Report

To mark Safer Internet Day, NetSafe has published a report on the full range of online challenges that New Zealanders faced in 2014 (PDF). The report can be downloaded from http://www.netsafe.org.nz/safer-internet-day/.

The Auckland-based non-profit handled over 8000 incidents in 2014 and recorded almost $8m lost to a wide variety of online scams and computer security issues. The report also looks at other harms that Kiwi internet users can suffer including the emotional impact of online harassment and bullying and privacy concerns around the loss of data and identity information.

Highlights from the report include:

  • More than one in ten of the incidents that NetSafe handled in 2014 involved bullying or online harassment and reports were received from young people and adults alike;
  • NetSafe recorded over 1000 privacy related reports during the year;
  • The average financial loss reached $9300 and more than 30 losses greater than $50,000 were recorded.

NZ Partners working towards a safer internet

Examples of activities that participants have planned for Safer Internet Day 2015 include:

Education sector:

Ministry of Education
The Ministry of Education is promoting Safer Internet Day on its websites

The Online Safety Advisory Group
This cross-sector group is releasing guidance for schools on how to prevent and respond to incidents involving digital technology including mobile phones. This will published on NetSafe and Ministry of Education websites.

CORE Education
CORE Education has developed a resource that will help teachers focus their professional conversations about internet safety. CORE is also planning to use their web channels to promote this and other resources across their educator networks.

Post Primary Teachers’ Association
The PPTA has developed resources designed to support teachers model positive online behaviours and the teaching of digital citizenship concepts. These will be made available to its 17,000 members.

Enabling e-Learning
The Enabling e-Learning website is an information hub for teachers developing the use of digital technology in the classroom. The Enabling e-Learning team are delivering a range of different professional development activities for teachers to mark SID 2015. Enabling e-Learning is managed by CORE Education on behalf of the Ministry of Education.

New Zealand Catholic Education Office
The NZCEO is marking the day by writing to all 244 of New Zealand’s Catholic schools to highlight key messages about online safety.

Network for Learning
N4L are writing a themed blog post which will look at issues related to content filtering.

Te Toi Tupu
Te Toi Tupu provides professional development to schools across New Zealand about using digital technology for learning. For SID 2015 they have planned a special focus on internet safety issues for schools including online professional discussions about issues schools are managing. Te Toi Tupu will be promoting SID 2015 via its website and social media.

Industry:

Google
Google NZ is launching a phishing awareness initiative asking users if they can spot the tell-tale signs of an online scam.

Trade Me
Trade Me will be using a special SID 2015 Kevin the Kiwi logo for the day that connects members back to the Safer Internet Day website.

Vodafone
Vodafone is bringing The Parenting Place in to their offices to provide training for staff.

Facebook
Facebook is promoting the day through its New Zealand pages.

Twitter
Twitter will be promoting the day by amplifying tweets related to Safer Internet Day (@netsafeNZ #SID2015))

Co-operative Bank
Co-operative Bank will be encouraging customers and staff to do a ‘sense check’ on how they use digital banking technology to keep their money and their personal information safe.

Other government agencies:

Department of Internal Affairs
The RealMe programme will be promoting the day on their website, via social media and to all DIA staff.

Department of Prime Minister and Cabinet – Connect Smart
The Connect Smart programme will be promoting the day to its partners and on its website.

NZ Police
Police are developing a sample cybersafety intervention plan that schools can use to support their work.

Office of the Children’s Commissioner
The Children’s Commissioner is promoting discussion about SID 2015 and internet safety issues throughout the day.

2015 Safer Internet Day Supporters:

  • Co-operative Bank
  • CORE Education
  • Department of Internal Affairs – RealMe programme
  • Department of Prime Minister and Cabinet – Connect Smart programme
  • Enabling e-Learning programme
  • Facebook
  • Google
  • Ministry of Education
  • NetSafe
  • Network for Learning (N4L)
  • NZ Police
  • NZ Catholic Education Office
  • NZ Principals’ Federation
  • Office of the Children’s Commissioner
  • Post Primary Teachers’ Association
  • Te Toi Tupu
  • Trade Me
  • Twitter
  • Vodafone

NetSafe warns New Zealand charity websites are being targeted by credit card fraudsters

NetSafe is warning New Zealand charities taking online donations to be on the alert after receiving two reports this week of cyber criminals launching automated attacks that attempt to validate large numbers of stolen credit cards.

In the first incident, almost 50,000 attempts were made to rapidly submit fake donations through a website form with the aim being to test which credit cards could be used for subsequent online fraud or sold on to other internet scammers.

More than 2000 successful donations were made resulting in the charity having to enlist the help of their bank and merchant account provider to refund the fraudulent payments. They also spent time dealing with enquiries from cardholders around the world questioning the transactions.

A second incident yesterday saw another charity website hit with 11,000 payment requests resulting in more than 250 donations to their bank account.

In both cases, the automated attacks had been launched from a Brazilian IP address and NetSafe is encouraging charities and other small businesses that take payments online to take steps to secure their websites and contact their bank or payment provider about ways to prevent online fraud.

Online fraud a global problem

“Credit card fraud is an ongoing issue for any organisation that takes payments over the internet,” said NetSafe’s Digital Project Manager Chris Hails.

“The American security company PhishLabs warned that charity websites were being targeted by cyber criminals to validate stolen cards in November last year[1] and they believe that these smaller organisations have fewer internet defenses in place than larger retailers and are thus an easy target.”

“Being the target of such an attack can mean hours of staff time cleaning up afterwards and could potentially cost your organisation money or find you blocked from taking future donations online,” said Hails.

The warning comes just a week after New Zealand’s Banking Ombudsman predicted that complaints to her office about scams would increase in 2015[2]. Auckland-based NetSafe recorded more than 8000 incidents in 2014 including a wide range of cyber security issues ranging from phishing attempts to ransomware.

Protect your business online

NetSafe offers the following advice for charities and website owners:

  • Talk to your bank or merchant provider about how their payment systems can be used to protect against online fraud
    Enquire about options for monitoring payments and blocking such large scale automated attacks. If you can, consider using third party card verification services from Visa and MasterCard to add a second layer of protection.
  • Talk to your website developer, IT staff or a security specialist about ways to protect your site and any payment forms you host
    Using SSL to encrypt information submitted is essential so that forms operate at an https:// address. Discuss testing your systems for signs of common vulnerabilities and your options for fixing them.
  • Use a CAPTCHA on your web form or require an account be created
    Technical solutions like these can potentially slow down automated software ‘bots’ that are designed to validate card numbers in quick succession.
  • Limit transaction volumes or website sessions by IP address or pre-screen payments from high risk countries if you are seeing fraudulent attempts to donate
    Many New Zealand charities may only wish to accept donations from Kiwis using credit cards issued by NZ banks. Ask if you can filter payments by Bank Identification Number (BIN) to prevent overseas cards being accepted.
  • Consider monitoring traffic volumes to your website
    Talk with your website host about establishing an alerts services so that you’re aware if you receive a sudden unexpected spike in visitors.
  • Investigate using a specialist online fraud management service
    Sift Science offer an online service to assess transactions before handing them on to your merchant provider and may be an additional way to reduce fake donations.
  • Weigh up the benefits of outsourcing your online donation process
    Explore options from third parties with secure systems and dedicated resources to manage fraud such as PayPal or Givealittle. Givealittle.co.nz allows NZ charities and schools to register for a free fundraising page.

“Monitoring any payments received is an important way to detect fraud on your website. Be on the lookout for a series of small donations for odd values or random amounts. Real people tend to donate whole dollars – $20 rather than $4.73,” said Hails.

If your website has been targeted by credit card fraudsters speak with your bank or merchant provider. You can also contact NetSafe via their freephone telephone number 0508 NETSAFE or report an incident online at www.theorb.org.nz.

Notes:

[1] Cybercriminals abuse charities to verify stolen credit card data

[2] Scam-related bank complaints on the upBanking Ombudsman

2014: An online year reviewed at NetSafe HQ

550023_10151198124371945_425821055_nChristmas 2014 is rapidly approaching and that means it’s time for us to review the year almost gone and identify the (anonymous) visitor trends and traffic patterns to our three most popular websites again.

Unsurprisingly – and perhaps somewhat depressingly – many of the common concerns from 2012 and 2013 are still making the top ten charts at NetSafe this year: ransomware, phishing attacks and comprised email and social networking accounts still make it to the top of the most visited pages on NetSafe.org.nz, Security Central and our blog.

2014 in numbers

We’ll publish a more in-depth, full year review in early 2015 but looking at data for the year to date, more than 230,000 people have visited these three websites so far this year.

We’ve also logged almost 8000 incidents via all our communication channels and recorded close to $7.5m lost by Kiwis to a wide range of digital challenges across the realms of cyber safety, cyber security and cyber crime.

Read on for an insight into NetSafe visitor trends for 2014:

NetSafe.org.nz

Just over 200,000 people visited the main NetSafe website during 2014 from an amazing 215 countries, states and territories. As the mobile internet revolution roars on, 1 in 3 visitors were using a mobile or tablet device to access our online content. We plan to release a new NetSafe site on Safer Internet Day 2015 (10 February) to make the mobile experience more fulfilling and hope to source funding to revisit some of our older resources next year too.

Talking of mobiles, interest in parental controls for phones being used by young people remains strong. Concerns about fake profiles on Facebook moved up 4 spots suggesting use of the social network remains strong (despite new challengers ) and as a result, the bad guys continue to develop ways to exploit trusted network connections.

The most obvious new entry to the NetSafe top ten is interest in securing Mac and iOS devices – the Californian company has seen some major media stories this year around iCloud hacks and other security concerns and with the company’s products selling well this makes these operating systems a more high profile target.

NetSafe’s Top Ten Website Pages for 2014:

  1. How can I put parental controls on my child’s mobile phone?
  2. Can I download music and videos from YouTube? Am I breaking copyright law?
  3. Facebook: reporting fake and imposter profiles
  4. Cyberbullying: advice for young people, parents and teachers
  5. How can I complain about ask.fm?
  6. The Copyright (Infringing File Sharing) Amendment Act: What schools should know
  7. How do I protect my Apple Mac or iOS devices?
  8. How can I security check my computer?
  9. What does anti-virus and anti-spyware software do?
  10. Help! My email account has been hacked

Visitor technology explored

Our anonymous statistics service helps identify what browsers and operating systems visitors are using offering us an important insight into current tech being used by consumers.

Overall, Windows powered PCs remain the computer of choice for NetSafe visitors. But challengers including iOS, Android, Macintosh and even Linux are now making up 42% of market share.

What computer operating system do NetSafe visitors use?

  1. Windows – 55%
  2. iOS – 16%
  3. Android – 13%
  4. Macintosh – 10%
  5. Linux – 3%

It was reassuring to see that 87% of Windows users were running a supported version of Microsoft’s operating system. Encouraging the remaining one in ten to make the jump to a newer OS will be a challenge for 2015

  1. Windows 7 – 68%
  2. Windows 8.1 – 12%
  3. Windows XP – 10%
  4. Windows 8 – 7%
  5. Windows Vista – 3%

Drilling down into the data shows some different numbers for New Zealanders when it comes to their operating system of choice.

What computer operating system do Kiwi NetSafe visitors use?

  1. Windows – 63% (55% globally)
  2. iOS – 12% (16% globally)
  3. Macintosh – 12% (10% globally)
  4. Android – 7% (13% globally)
  5. Linux – 5% (3% globally)

Interestingly, Chrome OS is the system of choice for 1% of Kiwis, perhaps reflecting the use of Chromebooks in NZ schools.

When it comes to web browser use, the duopoly days of the 90s browser wars are long gone and Google’s Chrome takes a large chunk of the pie:

  1. Chrome – 40%
  2. Safari – 20%
  3. Internet Explorer – 18%
  4. Firefox- 12%
  5. Android Browser – 6%

Internet Explorer use has declined over the years but we still counted 100+ stalwarts using the ancient IE6 browser. Support for IE8 will continue until early 2016 but we’d still encourage all web users to improve their computer security by upgrading to a modern browser in this age of drive by downloads and malicious malvertising.

Security Central Top Ten

Visits to our computer security site continued to focus on the ongoing threats around ransomware, and Adobe Flash and Reader vulnerabilities. Our cyber security advice will be migrating to the main NetSafe site in 2015.

  1. Dealing with CryptoLocker ransomware
  2. How to check and update Adobe Flash
  3. Dealing with ransomware
  4. Dealing with ransomware and remote access hacking
  5. How to check and update Adobe Reader
  6. An Introduction to Cybersecurity
  7. Phishing, social engineering and online scams
  8. NetSafe Computer Security Checklist
  9. Reporting cybercrime in New Zealand
  10. Phishing and social engineering

The NetSafe Blog Top Ten

.nz websites continue to be cloned and 2014 saw some nasty employment scams enacted against both job seekers and Kiwi businesses. And again, advice for securing Mac devices made it into the charts:

  1. Help my website has been cloned – Bad robot! Defeating website scrapers
  2. Is Jenny Wilson from Reclaim Expert calling you?
  3. How to spot a suspicious email attachment
  4. I’m the king of the castle, get down you dirty rascal – Defence in Depth explained
  5. Anti-Child Porn Ransomware hits New Zealand businesses
  6. Don’t want your iPhone or iPad ‘hacked’? Why unique passwords are so important for online security
  7. Scamwatch reports bring total losses reported to NetSafe’s Orb website to $4.4m in third year of operation
  8. Phishing, smishing and how a casual click can deliver a nasty surprise
  9. Smartphones and public wi-fi ‘Evil Twin’ attacks
  10. Going Phishing: how to spot a fake banking website

The NetSafe office and telephone helpline will be closed between 24 December and 12 January but we will continue to triage reports made to our cyber incident site over this period. Stay safe and secure in 2015 and enjoy the Christmas break.

Kiwis, what floats your digital boat?

I was lucky enough to spend some time in Sydney this week attending a Google for Non Profits training day and catching up with a range of cyber safety organisations in Australia who are looking to take advantage of a whole host of Google tools to help their organisations tackle digital challenges affecting a wide range of audiences.

In between coping with the muggy Australian weather (an impressive lightning storm shut Sydney airport briefly last night) and taking in the beautiful surroundings of Darling Harbour, I couldn’t help but be amazed by the resources the Californian company is making  available for non-profits.

NetSafe has been lucky enough to receive a Google AdWords grant that will seriously improve the way we market our educational services to New Zealanders in 2015. We already have pretty good organic search engine optimisation and some highly ranked pages on popular online issues, but a monthly grant of $10,000 to spend on Pay Per Click advertising couldn’t have come at a more exciting time as we refine our content marketing strategy for the next twelve months.

I’ve used the PPC AdWords system for several years and am qualified to boot. Revising our website and the content within to cover new and evolving cyber safety, cyber security and cyber crime topics to assist New Zealanders is going to be a priority for 2015.

NetSafe’s Communications Survey

Over the last few weeks we’ve been asking Kiwis to review how NetSafe communicates and the responses to date have been interesting. If you want to take the brief survey, it’s not too late to respond.

Although the total number of responses to date have been small when compared with the volume of people we speak with each year, the results have been positive – more than 4 out of 5 of those taking the survey have taken action to improve their online safety and security based on NetSafe email newsletters, Facebook posts and tweets.

When we asked what issues Kiwis are interested in keeping up to date with, the graph below shows the response to the limited range of choices we originally suggested. We didn’t even touch on emerging threats such as the spying dangers of wearable technology:

Click to see a larger image

One survey taker said: “IT is such an integral part of our lives that it benefits all of us to stay ahead of the game.

What were the top five topics?

  1.  Computer security
  2. Online scams and fraud
  3. Online safety
  4. Microsoft Windows
  5. Malware

I’d somewhat assumed that specific topics such as BYOD and Android would rise to the top, especially when so many of us are now using mobile devices to connect online. It turns out there are still plenty of NZ PC users wanting up to date advice and guidance.

What areas are you interested in when it comes to tech challenges? Take the brief NetSafe survey and give us your feedback.

Advice and guidance for dealing with digital challenges