New research finds cybercriminals are increasingly exploiting the trusted digital experiences Kiwis depend on, rather than relying on obvious malware or technical exploits.
Auckland, July 17, 2026 – As New Zealanders move more online in a cold winter, attackers are moving with them, closer to the trusted parts of digital life. Gen (NASDAQ: GEN) today published its H1 2026 Threat Report to help people understand what cyber threats are emerging and what risks are shaping digital life today. A common thread runs through the report: attackers are exploiting digital trust. Not only are they sending malicious links or dropping malware, they are also abusing context, sessions, workflows, brands, updating systems, advertising platforms and delegated authority.
Trust Has Become the New Attack Surface
The Threat Report’s central finding is a shift in how attacks work. The most effective threats in the first half of 2026 did not rely on technical exploits or obvious deception, they succeeded because they were hard to distinguish from normal digital life. Scams arrived through a hotel booking platform, referencing a real reservation. WhatsApp accounts were compromised not through a password breach, but by tricking users into approving an attacker’s browser as a linked device. Fraud moved through real, verified financial accounts because the people owning those accounts had been recruited through social media with offers of quick cash. And AI agents, running with permissions the user had already granted, were empowered to execute a reverse shell.
“The most effective attacks in the first half of 2026 didn’t look like attacks,” said Vita Santrucek, Chief Technology & Development Officer at Gen. “They arrived through booking platforms, family message threads, software update channels and AI agent workflows, all places people already trust. As attackers blend into everyday digital experiences, protection has to move closer to the moments where confidence is earned, exploited or broken.”
Across scams, identity breaches, and privacy violations, the pattern is the same: the attack moved inside trusted systems before the danger became visible.
A Cold, Wet Winter, and Where Kiwis Shop
One of the fastest-growing threats in New Zealand is the e-shop scam, up 87% in the first half of the year, likely because people spend more time indoors and shopping moves online when it’s cold and wet outside. Fake online stores are now built so well they are almost impossible to tell from the real thing, and the moment you enter your payment details, your card information goes straight to the scammer.
“Your guard can slip when you’re scrolling and shopping from a warm room,” says Mark Gorrie, VP APAC at Norton. “A price that’s too good, a shop name you’ve never heard of, and a message tugging at your emotions to rush you. If you feel any of those, stop right there. Rather than following a link straight from an ad or a social post, search the shop’s name and check it’s a real business. That small extra step prevents most of the harm.”
And Handing Over the Device Itself
Another fastest-growing threat of all in New Zealand is malicious remote access (MRA), up 73%.
MRA is where an attacker gains the ability to control your device from afar. They don’t just steal information; they take over the computer or phone itself. In many cases, victims grant that access with their own hands, following a message that says, “your computer is infected” and giving control to someone posing as support. Tech support scams rose 27% in New Zealand as well, and the two are closely linked.
Furthermore, Scam-Yourself attacks, where following a tutorial promising free downloads, cracked software or fixing a technical issue installs the malware yourself, climbed 45%.
Fastest-Growing Threats in New Zealand (H1 2026)
- E-shop scams: up 87%
- Malicious remote access (MRA): up 73%
- Droppers: up 56%
A dropper causes little direct harm itself but quietly delivers and installs other malware such as ransomware or spyware, slipping past initial antivirus defences.
- Trojans: up 55%
A Trojan is malicious software disguised as a legitimate program.
- Scam-Yourself attacks: up 45%.
Threat Report Highlights (Global)
Gen’s telemetry from H1 2026 shows the trend activity across key threat areas over the last six months globally.
Key findings about growing threats include:
· A 387% increase in government impersonation scams – showing criminals are increasingly exploiting trust in public institutions to steal money and information.
· A more than 454% increase in family impersonation scams, while separate “GhostPairing” activity showed how WhatsApp’s linked-device feature can be abused to gain persistent access to an account and allow people to impersonate loved ones.
· More than 304 million scam-ad impressions identified across the EU and UK in less than one month, underscoring how easily fraudulent ads can reach people.
· Norton and LifeLock breach notification alerts with attributed lead sources increased 628.1% up to 3.3 million, with more than 10 million breach notifications sent in total – proving more people’s personal information is being exposed in data breaches.
· More than 15.7 million breached records containing email addresses identified, giving cybercriminals more opportunities to target consumers with phishing, scams, and account takeover attempts.
· 734% increase in bank account (depository) activity alerts – further evidence of the rapid financial exploitation that follows a breach.
Key findings about blocked attacks and defences include:
· 114.2 million e-shop scam attacks blocked, up 109% – highlighting the growing risk of fake online stores targeting shoppers.
· 20.3 million tech support scam attacks blocked – reflecting continued attempts to trick people into giving scammers remote access to their devices or financial information.
· 1 million web skimming attacks blocked, up 212% – showing how attackers continued to target checkout flows where users already expect to enter payment details.
· Roughly 1.9 billion tracking attempts blocked during H1 2026 – demonstrating the scale of online tracking that can erode consumer privacy.
The report also identifies agentic AI as an emerging security frontier. As AI systems gain the ability to browse, install software, access files, connect to services and take action on behalf of users, attackers are increasingly targeting the permissions and trust these systems rely on. Early telemetry from Sage, Gen’s agentic security platform behind features like Norton and Avast’s AI Agent Protection, found the most common high-risk AI agent behaviours involved:
1. Trying to run dangerous system commands
2. Attempting to open a remote command channel, which could let an attacker control the system
3. Downloading and running code from the internet
4. Reading credential files without authorisation
5. Trying to create persistent remote access, such as adding a trusted SSH key
6. Trying to override the agent’s instructions.
The full Gen H1 2026 Threat Report is available at https://www.gendigital.com/blog/insights/reports/threat-report-h1-2026
About Gen
Gen (NASDAQ: GEN) is a global company dedicated to powering Digital Freedom through its trusted consumer brands including Norton, Avast, LifeLock, MoneyLion and more. The Gen family of consumer brands is rooted in providing financial empowerment and cyber safety for the first digital generations. Today, Gen empowers people to live their digital lives safely, privately and confidently for generations to come. Gen brings award-winning products and services in cybersecurity, online privacy, identity protection and financial wellness to nearly 500 million users in more than 150 countries. Learn more at GenDigital.com.
