Copyright futurefive
Norton has released its Q3 Threat Report, highlighting increases in web skimming, scam attacks, and destructive wiper attacks in New Zealand. The report, compiled by the Gen Threat Labs research team at Gen, provides an overview of cybercrime trends in New Zealand between July and September. Findings reflect a threat landscape changing rapidly as attackers employ artificial intelligence (AI) and automation to reach more victims with greater precision. AI-generated phishing sites Gen recorded more than 140,000 AI-generated phishing websites worldwide so far in 2025, with activity remaining high during the third quarter. These so-called "VibeScams" mimic legitimate brands closely and can be put together in minutes. Countries heavily targeted include New Zealand, France, Spain, Australia, and Japan. Web skimming, where malicious code is inserted into a retailer's checkout page to steal card numbers and billing details, increased by 416% in New Zealand quarter over quarter. "Web skimming attacks are on the rise and Kiwis need to know it," said Mark Gorrie, VP APAC at Gen Digital. "Over the holidays people need to be very careful with where they're entering their personal and financial information online. If you're feeling unsure about the retailer, that's a good sign to stop what you're doing and find a place you can trust to buy from. If you don't you might just be giving away your credit card and other financial details to scammers." Gen threat researchers noted that the success of these scams relies less on technical skill and more on creating convincing sites, a process greatly accelerated by AI-driven web builders. Other scam tactics Data breaches globally rose by 82% over the quarter. Attackers increasingly focus on obtaining passwords and sensitive credentials, with 83% of recent breach incidents involving passwords. Meanwhile, breaches involving basic contact details declined. The report also highlighted 'Scam Yourself Attacks', with fake browser update prompts that install malware. This attack method was up 448% in New Zealand. Text-based fraud increases The rise in text-based scams continues. According to Gen, automation and AI-generated messages have made scam texts more credible and more likely to succeed. Analysing hundreds of millions of SMS messages, Gen Threat Labs found campaigns largely aimed at extracting small payments, capturing payment card details, or accessing user accounts. The most prevalent SMS scams included fake job offers, refund cons, tax or penalty claims, investment proposals, and delivery notifications. New Zealand experienced a significant uptick in tech support scams (437% increase) and fake invoice scams (32% increase). These campaigns often begin with mass-distributed texts and may direct recipients to fraudulent customer service chat portals or phone calls. Further, some fraudsters now pair written texts with cloned voices or AI-powered chatbots to extend scams across different platforms. Wiper attacks and digital tracking Wiper attacks, which aim to destroy data rather than extort money, surged 219% in New Zealand. Such attacks erase critical files, corrupt system start-up processes, and delete back-ups, resulting in prolonged operational disruption for businesses and individuals. The report's findings indicate a trend towards more damaging cyber-sabotage. Despite increased use of privacy protections and cookie blocking, digital tracking continues to adapt. Using device configurations and unique digital "fingerprints", attackers and trackers can identify users across different sites. Gen's telemetry indicates an average of 247 million tracking attempts blocked each month and 37 million digital fingerprints detected. Debate on encryption persists in the UK and EU, with concerns that backdoor proposals could negatively impact data privacy and security. Assisting individuals and small businesses The third quarter report included details of Gen researchers finding a major flaw in a strain of ransomware named "Midnight Ransomware". This discovery enabled the creation and free release of a decryptor, allowing affected users to recover files without paying ransoms. The company highlighted the impact of such attacks on individuals and small businesses lacking robust backup arrangements. AI's role in modern cybercrime "AI has changed the scale and speed of cybercrime," said Siggi Stefnisson, Cyber Safety CTO at Gen. "It is being used to mass-produce scams, tailor ransomware, and target people with precision we have never seen before. Our mission is to stay one step ahead, using AI for protection rather than deception, and to bring real-time defence to every moment people live and work online." Gen's brands, which include Norton and Avast, provide products designed to counteract the kinds of scams noted in the report. Solutions such as Norton Scam Protection and the Scam Guardian feature in Avast Free Antivirus and Avast Premium Security aim to detect and block malicious activity, while LifeLock provides identity protection in the event of personal data exposure.
