The IRD brand was used in 103 different phishing scams and each one promised a tax refund to attempt to obtain either online banking logon details or credit card information, according to the documents released under the Official Information Act.
"In a more sinister tactic, the hackers use special tools to scan for home computers which have holes in their security," according to an internal IRD security memo.
"When hackers find these computers, they hack in, install web server software and load up malicious pages. Without the computer owner's knowledge, the home computer is then used to serve the phishing website to the internet.
"The phishers cast their bait by obtaining a list of email addresses, which can be bought for a small fee in hacker forums. We uncovered one of these lists left on one of the hacked computers. It had 12,000 NZ-based email addresses."
The IRD said it had no way to determine the number of instances where online banking details or credit card information has been provided to the phisher.
None of the major banks contacted by the Herald - ANZ, Westpac, ASB, BNZ - would release exact details but all said attacks were rising.
Most were unsuccessful but a cyber group sending thousands of phishing emails every day needs only a small strike rate to be successful.
The threat of cyber crime has been recognised as a key area in government strategy papers and led to the establishment of a specialist centre within the Government Communications Security Bureau.
There is also an intelligence group inside the Department of the Prime Minister and Cabinet which has a co-ordination role.
"Criminals are increasingly using cyberspace to gain access to personal information, steal intellectual property and gain knowledge of government-held information for financial or political gain or other malicious purposes," wrote Cabinet minister Steven Joyce in the National Cyber Security Strategy paper. "National borders present no barrier."
The report estimates that 70 per cent of New Zealanders have been targets of some form of cyber crime, with most common complaints being computer scams, fraud and viruses or malware.
Of those, international data suggested 133,000 individuals fell prey to identity or bank fraud. Criminals are also finding increasingly sophisticated ways to obtain information online, including using social networking sites such as Facebook and Twitter.
Users of the popular sites are being lured to other websites to put malware on the computer, or exploit the profile information (birthdates, phone numbers, employment details) to mount targeted attacks.
The boom in online shopping has led to problems too.
The Herald has revealed that scammers from Indonesia, Nigeria and eastern Europe sent "phishing" emails to Trade Me users, pretending they were from the online auction site and asking for personal details.
And in 2010, the FBI and Romanian authorities arrested 70 individuals from three separate syndicates for an online auction scam targeting eBay users.
The fraud netted more than $2 million from 800 victims in 11 countries, including New Zealand.
Paul Stokes is a senior executive at Wynyard Group, a New Zealand company whose intelligence and investigative software is used by dozens of law enforcement agencies around the world.
He said it was impossible to tell how many cyber attacks there were in New Zealand each day and malware "remains the greatest problem, but not the real threat".
"The real threat is the individual or organised crime network operating the malware and their agenda. Today, that agenda can include financial gain, identity theft, theftof state secrets or intellectual property."
Power or phone bills can be used to track personal details, or commit identity theft to open bank accounts and obtain loans. Medical records are used to commit insurance fraud, dates of birth for identity theft, as well as credit card details.
"The list is endless," said Mr Stokes.
"What is rapidly changing, however, is how these lists are accumulated, aggregated with other information and sold through online underworld networks to facilitate crimes against New Zealanders from anywhere in the world."
Cyber crime
What is malware?
Short for malicious software, malware can disrupt computer operation, gather sensitive information or gain access to private information.
Malware includes viruses, worms, trojans, spyware and adware.
What is phishing?
An attempt to gain private information such as usernames, passwords and bank or credit card details by pretending to be a trustworthy source, such as a bank or social networking site. Phishing emails may contain links to websites that are infected with malware.
What can you do?
Regularly update your home computer security and change passwords. Do not open emails or links from unknown sources, and remember banks and other organisations will never ask for sensitive information online. Report incidents to the National Cyber Security Centre at ncsc.govt.nz.
