How to Spot Phishing Emails — The NZ Specific Guide for 2026
Phishing is not a new problem. What is new: the volume, the specificity, and the NZ angle that makes local targets lower their guard.
In 2024, CERT NZ received over 2,300 cyber incident reports directly attributable to phishing — and that's only the incidents that got reported. The real number is significantly higher. Most security professionals will tell you the same thing: phishing works because it doesn't need to be sophisticated. It just needs you to be busy, distracted, or new to the country.
This is a guide built for New Zealanders. The examples are real. The URLs are NZ-specific. The advice is actionable.
What Phishing Actually Accomplishes
Most people think phishing is about stealing a password. Sometimes it is. More often, it's a stepping stone:
Credential harvesting — fake login pages capture usernames and passwords
MFA bypass — attackers pair captured passwords with real-time
Discussion
Be the first to comment
Add your perspective to get the discussion started.