An online security monitoring report shows a 28 percent increase in the number of email accounts hacked in the July to September quarter.
Cert New Zealand's latest report shows that in that quarter, it received 870 reports of unauthorised access to people's business and personal email accounts.
The IT specialist firm was established to help New Zealanders stay safe online by taking incident reports, sharing best practice advice, or by sharing data and information about the online threat landscape in New Zealand.
The latest report shows the July to September quarter had the highest number of complaints since the organisation was launched in April last year.
Cert New Zealand's director Rob Pope said in one case, the attacker gained access and tracked emails of a business for at least six months.
"They gathered extensive knowledge of the business' billing cycles and behaviours to create and send out fake invoices to the business's database," he said.
Mr Pope said attackers are also gaining access to business email accounts due to weak passwords.
He said the report highlights how basic measures continue to sit at the centre of protecting New Zealanders and their businesses from online threats.
Mr Pope encouraged everyone at work and at home, to take simple steps such as using strong, unique passwords and multi-factor authentication to protect their email and other important accounts from being compromised.
"We know from in-depth analysis of the reports we receive, combined with information from international partners and global threat insights, that it's getting the basics right that will help Kiwis stay safe online."
Mr Pope said online security could seem complicated, but evidence showed that most incidents could be prevented by taking simple steps.