Sector urged to step up defences as scammers exploit year‑end rush
NZ Financial Services Group (NZFSG) is urging New Zealand advisers to ramp up cyber vigilance over the holiday period as criminals exploit year‑end deadlines, workloads, and distractions.
The warning, from principal security consultant Laura Bennett (pictured), draws on emerging threat intelligence and feedback from NZFSG’s adviser network.
“As the year ends and the holiday season begins, this busy period is frequently exploited by hackers and scammers who capitalise on year-end deadlines, workloads and priorities,” Bennett said. “We are urging all advisers to be on high alert for sophisticated, seasonal scams.”
Threat landscape: ‘No organisation is too small’
Recent data from New Zealand and Australia confirms the financial sector faces elevated cyber risk:
- The National Cyber Security Centre (NCSC) deals with about one national‑level incident daily, including cases involving smaller businesses that assume they’re not targets.
- Cyber criminals are leveraging AI to create highly personalised, flawless phishing emails (spear‑phishing), raising the likelihood of successful scams.
- A recent NCSC survey found 53% of New Zealand SMEs faced a cyber threat in the last six months, underscoring the universal risk.
- Across the Tasman, almost three‑quarters of Australian mortgage brokers surveyed were impacted by scams or fraud in the past 12 months.
Fresh findings from BNZ’s latest SME scam survey reinforce the risk, with half of New Zealand small and medium businesses engaging with a scam attempt in the past year and 50% responding by clicking a link, opening an attachment or replying to a scam message, despite 45% not viewing cyber education as a key priority.
A recent NZFSG security poll, run during a Professional Development Day with Loan Market, highlighted the sector’s implementation challenges.
“Our survey confirmed that while businesses recognise the growing threat — with cyber concerns ranking second only to the state of the economy — many face significant obstacles like time, budget constraints, and lack of knowledge when taking action," Bennett said.
Seasonal scams advisers and clients must watch
NZFSG is warning that while adviser firms must tighten their own controls, they also need to alert clients, as many holiday‑themed scams are aimed at the general public. Common risks include:
- Smishing (SMS phishing): Unsolicited texts about a “missed delivery” linking to malicious sites.
- E‑card phishing: Fake digital holiday cards hiding malicious links – only open those from known, trusted senders.
- Invoice and receipt fraud: Bogus receipts for high‑value purchases designed to panic recipients into calling a fake “support” number.
- General phishing emails: Promotional or “urgent” messages with suspicious links or sender details.
Building adviser cyber resilience into 2026
NZFSG says advisers have made substantial progress since Bennett’s appointment in 2024, but more work is needed as attacks grow more sophisticated.
“We understand the risks and barriers, and our team is committed to supporting our advisers in navigating them, helping them proactively strengthen their business’s cyber resilience," Bennett said.
Current support includes:
- Regular training sessions and webinars featuring experts such as the National Cyber Security Centre and CyberCX, with more industry specialists planned for 2026
- A suite of resources and hands‑on support to help advisers build and maintain a strong defence posture
- Access to the free Own Your Online Business Security Assessment Tool, which generates a customised five‑ to ten‑minute action plan to improve cyber resilience
NZFSG’s message to advisers heading into the holiday period is clear: stay alert, fortify systems, and help clients recognise – and avoid – increasingly sophisticated seasonal scams.
Stay informed with the latest housing market trends and mortgage insights — subscribe to our free daily newsletter.
