CSI Cyber: New Zealand police now have a mandate to upskill in online crime fighting by 2017.

All police officers must be trained in fighting cyber crime by 2017 as they race to keep up with a brave new world full of hackers, phishers, and other online criminals.

Police are particularly concerned about the rise of the "dark web" – where illicit goods can be traded online anonymously – as it was attracting unusual suspects to crime.

All officers would need to be trained in forensic skills such as understanding email metadata, knowing how to track computer IP addresses, and requesting a subpoena to obtain data from overseas corporations such as Facebook, Acting Detective Senior Sergeant Clifford Clark, from the NC3 – or police national cyber-crime centre – said.

CBS Kiwi police officers must now know how to track an IP address and interpret metadata.

The unusual range of crimes they could encounter was highlighted by a case of someone selling explosives online, while hiding behind an anonymous internet network called ToR. The culprit turned out to be a Kiwi teenager – who never had any explosives to sell.

"While people think they are anonymous – and he was quite an intelligent teenager – even if they are using these technologies we will still be able to find them," Clark said. "They only have to make one mistake for us to find them."

A Victoria University study into people's experiences of managing their online identities, published in February, showed the extent of criminal behaviour they encountered.

Two participants told researchers they had their online identities stolen, one had her photo posted on a dating site without her knowledge, and another had an email account created in her name that was used to send "annoying" emails to her colleagues and create an online profile that damaged her reputation.

Many of the participants received "phishing" emails designed to lure them into giving up valuable personal information, such as bank account details, and one of them got sucked into a Nigerian scam.

Some had fallen victim to online credit card fraud. Others had received recurring bills after buying just one product online.

One had their bank account information commandeered to obtain money and goods. Several had bought items on Trade Me that never turned up, or had made purchases from fake websites.

Some had their emails or software hacked, and others experienced computer viruses and malware attacks.

Others said they had received fake friend requests via social media from people posing as their friends.

Clark said people hacking into business servers to carry out corporate espionage was another new frontier for police.

In one case, a former employee had gone back to a company and stolen a client list rom its database, deleted the company's copy, and used the stolen information to create his own business.

Clark said people also had to be wary that their own online indiscretions can be viewed as criminal behaviour.

"Whilst it's one thing to get on your partner or ex-partner's profile or read their emails ... when they know you are doing it, if they don't know you are doing that and you have actually logged onto and gained access to their computer system and got through their password, that would be an offence.

"It's important that people start to realise that."