Stay safe from cyber attacks

NZFSG emphasises cyber resilience following a recent phishing attack targeting mortgage advisers.

The increasing risk and complexity of cyber attacks means financial advisers need to be vigilant and implement robust security measures to keep their clients personal information safe. This important reminder comes from NZFSG following a recent phishing attack targeting mortgage advisers

The incident involved a targeted 'phishing' email from a supposed "first home buyer" who reached out to a mortgage adviser about purchasing a property. An email was exchanged, and the buyer advised they were overseas and unable to speak on the phone, but wished to send through documents for when they arrived back in the country. The attacker  then proceeded to send a second email with  a malicious link disguised as their financial documents in an attempt to harvest credentials and gain unauthorised access to information.

Following a cautionary communication to the NZFSG network, more advisers across the country came forward reporting the same phishing email. The incident was therefore escalated to Computer Emergency Response Team (CERT NZ) to investigate and report.

Security Consultant, Laura Bennett, who was recently appointed at NZSFG to bolster adviser  awareness and safe cyber security practices, said “This is a timely reminder to ensure we are exercising caution when we receive emails that ask us to take immediate action, and entice us to click links, followed by the requirement of our credentials.”

“Our computers are practically a treasure trove of valuable data, from bank details to personal information - a hacker's dream come true! Our clients trust us to protect their data, and it's our responsibility to uphold that trust and ensure its security.”

According to CERT NZ, of the total cyber security incident reports across all sectors in Q4 2023, finance and insurance accounted for 38% - the most for any sector, with 94% of those incidents relating to phishing and credential harvesting. The interconnectedness of the sector means any part of it could be an entry point for a wider cyber incident.

Source: CERT NZ

NZFSG is committed to keeping advisers and their clients safe by providing global IT infrastructure and client data security which meets the highest standard of ISO 27001 certification. Additionally, the group offers cyber awareness and education programmes to enhance security across their network.

Below, they list some quick tips to help you level up cyber security in your business.

Email phishing red flags:

  • The email address is not from a legitimate domain. An example: Google documents shared with you will come directly from a domain.
  • The email may contain shocking content to create a sense of urgency and to entice you to click on links.
  • Hover your mouse over the link to check the website you are being directed to. Does it align with the usual web address? If in doubt, head to the organisation's website directly. Also be mindful of 'unsubscribe' links, these are also known to be malicious.
  • There are spelling mistakes and inconsistent formatting.
  • The email may not be addressed to you by name.
  • If you are prompted to directly enter your credentials into an email link you have received, do not proceed. Always go to the website directly and login via this method. If in doubt, contact the company directly, using their publicly available information.
  • Remember that with the rise of artificial intelligence (AI) emails are becoming more sophisticated, so it is important to remain vigilant and keep an eye out for common red flags.
  • If you are unsure, do not proceed. Contact the person directly on the phone if the email you received seems out of character.

Important actions to take:

  • Make sure you have enabled two-factor or multi-factor authentication across all of your accounts, as this significantly reduces the likelihood of an attacker gaining access if your credentials are compromised.
  • Keep your passwords long and strong and use different passwords across all of your accounts
  • Keep client data stored in a secure CRM only. Client data should not be left in your email inbox or stored elsewhere.
  • Keep up to date with common phishing/email scams. CERT NZ highlights current cyber security threats and what to do if they affect you.



New Zealand Financial Services Group (NZFSG) is the leading financial services provider in New Zealand, dedicated to empowering 1,150 advisers with a choice of services to help them excel in insurance, residential, commercial and asset finance. With a focus on innovation and excellence, NZFSG is committed to helping New Zealanders secure their financial futures. Find out more or get in touch at

Most Read

Get TMM delivered to your inbox each week

Sign Up