Get help now
If your business has been affected by an online incident, or if you’re worried your network has been hacked, we’re here to help.
Report an incident to CERT NZ
If you or someone else is in immediate danger or a crime is being committed, call 111 now.
Report an online issue or security incident
Check if it's a scam
Common scenarios
-
Someone has gained access to your online accounts
You're locked out
If you have lost access to an online account and can no longer log in, you will have to work with the platform. Be aware this can be a long process.
If you have lost access to your bank or other financial accounts, contact your provider immediately and, if possible, talk to your account manager there.
Most online platforms have a section to help you recover your account. You can find some of the most common ones here.
If you need further assistance, want help future-proofing against other attacks or want to understand how the attacker gained access, report the incident to CERT NZ.
Reporting form for businesses and individuals | CERT NZ
You still have access
If someone has gained access to any of your online accounts but hasn’t locked you out, immediately do the following.
- Reset the password and change it to something long, strong, and unique.
- Set up two-factor authentication (2FA) to protect it from future attacks.
- Disconnect any devices from the account that aren't yours. You can usually do this in the account settings.
-
Your business's data has been breached
If an attacker has gained access to your business's data and is releasing it publicly – or selling it – then take the following steps immediately.
- Disconnect the compromised system from the internet, physically removing network cables if necessary. Do not turn it off, as you could lose evidence that will help you work out what happened.
- Reset the passwords for any compromised accounts and turn on two-factor authentication where possible.
- Report the breach to the Privacy Commission if it is likely to cause anyone serious harm. This is legally required within 72 hours of discovering the breach under the Privacy Act 2020.
Report a breach to the Privacy Commission
- Contact any customers or stakeholders who are affected.
We can offer support in responding to the breach and with how to communicate to those affected.
-
You are locked out of your systems or data
If you’ve lost access to some or all your internal systems, take the following actions.
- Contact your IT provider immediately, if you have one.
- Report it to CERT NZ, who can provide free advice and guidance on how to deal with this type of attack. Report an incident to CERT NZ
- Disconnect the compromised system from the internet, physically removing network cables if necessary. Do not turn it off, as you could lose evidence that will help you work out what happened.
- Restore your system from your most recent backup. If you don't have a backup, you can reset to factory settings and reinstall your operating system. Check with your IT provider before doing this as it will likely erase all your files.
These sorts of attacks are called ransomware as they often come with a ransom demand from the attackers. We recommend you do not pay the ransom.
Even if the amount seems small, there is no guarantee that you’ll get your access back and paying a ransom could put you at risk of further attacks – if an attacker sees that you're willing to pay them, they might try to target you again.
-
Your website is down due to an attack
If your website is down – and it doesn’t seem to be from a technical issue – it may be a cyber attack. A good indicator is getting a '408' time-out error when trying to access the site.
- Contact your web administrator, website host, or Managed Service Provider (MSP) to diagnose the issue.
- Contact CERT NZ. We can help if you're unsure who your provider is or you don't have one. We can also let you know if the issue is wider than just your business. Report an incident | CERT NZ
- Contact your customers. A website outage does not mean that any data is at risk and customers could be worried.
-
You received a suspicious email or message
It's good to be cautious about suspicious, or simply odd, messages in your email, text or social media. This is the main way attackers can get your details and get into your systems.
- Do not click any links sent via unsolicited text or social media messages and do not respond.
- Check links and sender details in suspicious emails by hovering your mouse over them to see where they come from or go to.
These messages, known as 'phishing', often claim to be from known organisations, such as banks or government agencies. Notably, most New Zealand banks have agreed to not send out links in text message communications with customers.
If you only clicked the link, you're usually ok, but if you have shared information or sent money then you need to take the following steps.
- Contact your bank immediately and they can try and reverse the payment.
- Update passwords and enable two-factor authentication (2FA) on any associated accounts.
- Contact the organisation through their official channels to let them know about the messages (chances are, you aren't the only one who got one).
- Report the message. If it's an email, forward it to phishpond@ops.cert.govt.nz. If it's a text message, forward it to 7726 – this is a service run by the Department of Internal Affairs (DIA). If it came via social media, report it to the platform (for example, Facebook).
-
Your business is being impersonated online
If you have discovered someone claiming to be you online, there are a few steps you can take. This can take a few different forms: a fake website, fake social media profile, phishing emails or someone simply claiming to work for you or represent you.
- Report the fake account to the platform it's on (for example: Facebook). If it's a fake website, then contact us and we can work with you and the web hosting company to help get it removed.
- Report an incident | CERT NZ
- Contact your followers and customers to let them know that there is an imposter and to avoid it. Also tell them to report the fake account if it contacts them.
- Report to NZ Police if the impersonator has stolen money from your customers. Report to Police
- Turn on two-factor authentication (2FA) on your accounts, to stop anyone being able to take over your account and lock you out.
-
You receive a suspicious invoice or are asked to change payment details
There are two ways this can affect you.
You're sent an invoice or request asking you to pay to a new bank account.
- Do not reply directly to the message containing the new invoice or request.
- Contact the company via official channels and verify the new payment details.
Your customers receive an invoice claiming to be from you.
- Contact all your clients letting them know about the scam and to not pay the fake invoice.
- Contact your bank to let them know the situation.
- Report to your IT provider, managed service provider or us as there is a chance that the scammers may have access to your email systems.
More information
-
What to do after reporting an incident
Responding quickly to an online security incident can limit the impact to your business. Here's where to start.
-
Talking to your staff and customers about what's happened
Communication, whether it's with your staff, your customers, or the public is a big part of a well-managed incident. Knowing what to say and when to say it can make a big difference to the perception of how well your incident is managed.
-
Understand the risks your business faces
Every business should do an online security risk assessment. Knowing the risks your business faces and having a plan in place for them can help you prevent — or recover from — an online security incident. Find out how to do one.
-
Get help to manage online security for your business
Outsourcing some of your online security needs to an IT services provider could help to reduce your risk in future. Here's what to think about before choosing one.