Please choose who you are:
Te whakamōhio maiki Report an incident
Reporting an incident can help you and others
We have two reporting options:
- One for IT specialists who have a clear understanding of the issue, and
- One for individuals and businesses that helps to triage the issue and provide targeted advice and next steps.
Here are some of the reasons why it's important to report a cyber incident.
We can explain what has happened
Often people know something has gone wrong with their computer or device but are unsure exactly what. We can help you identify the problem, so you know what you are dealing with.
We can stop the incident from getting worse
We can give you advice to limit the damage – this could include switching off your device, changing passwords or contacting your bank urgently.
We can help you get back on your feet
We can advise you what you need to do to remedy the situation and resume normal activities. This may include advising you to see expert hands-on assistance from a cyber security or IT professional.
We can stop it happening to others
Receiving your report gives us more information about the threat landscape, which can help us issue advisories and alerts to help others watch out for the same attack affecting them. In some cases, we can work with other agencies to remove the threat, for example by getting dodgy websites taken down.
We can disrupt
CERT NZ operates the phishing disruption service. By sending us your phishing links and emails, we can block these going to others.
We can coordinate, to enable inter-agency responses
When we notice an increased volume of incidents, we activate with our partners to provide cross government support for complex large-scale incidents.
We’ll refer you to the right people, if we’re not the right agency
We operate a ‘no wrong door’ approach, which means we can refer you to our partner agencies where they are better placed to act. Any information that you provide is confidential — we’ll always ask for your consent before sharing any details of your report.
Your privacy is important to us. Read our full Privacy and Information statement and Disclaimer.
Depending on the circumstances of the cyber incident or issue you are experiencing, these are the things that can happen:
Step 1 – report
You can report online or by phone. The links on this page take you to our online reporting tool.
Step 2 – acknowledgement and triage
Once you've completed your report, you will be given an indication of what may have happened to you and some further advice or next steps to help you respond and recover, or reflect and adapt your online security practices.
Your report goes to the CERT NZ incident response team, who triage it and decide on how to respond.
Step 3 – response
Some reports don’t require a direct response. If this is the case, details of the incident are recorded by us and help us to understand the kinds of cyber attacks and scams that are affecting New Zealanders. This data is analysed and published quarterly.
In other cases, our responder will get in touch with you to ask for more information or to provide advice. Or they may email you with information.
We’ll use the information you provide to create advice and guidance for others who might be experiencing the same issue. The more information you can give us, the better we can help everyone.
Step 4 - referral
CERT NZ works with partner agencies, like the New Zealand Police, the Department of Internal Affairs, banks and telecommunication companies. If you need more help, and consent to it, we can forward your report to these agencies.
Any information that you provide is confidential — our reporting process asks for your consent to share your report if required or gives you the option to report anonymously.
Your privacy is important to us. Read our full Privacy and Information statement and Disclaimer.
Privacy and information statement
Is it worth reporting phishing and text smishing?
Almost half of the reports we receive are about phishing, sometimes called smishing if it is in a text (SMS) message.
Phishing is a type of email or text message scam. A phishing email or text will ask you to either click a link and enter personal information or open an attachment in the email.
Phishing can look and feel legitimate. They use the same design and logos as the company or organisation they’re pretending to be, and the same kind of language.
Domains and URLs that are verified as phishing links get listed on CERT NZ’s Phishing Disruption Service (PDS). Organisations such as cyber security service providers who are subscribed to the PDS can block access to these domains so no one in the organisation they serve can get to the sites.
CERT NZ also sends takedown requests to service providers that host these domains. Often, these providers are based overseas. If they comply with our request, the website gets taken down and can’t be used to scam other New Zealanders.
But we cannot stop online attackers from creating a new domain or website and starting over again. We are alerted to these new domains when you report to us and the cycle repeats.