Welcome to the Sappi Cyber Security campaign

The name says it all because it is the most common type of scamming used. The cyber attackers or ‘phishers’ will impersonate a legitimate company and attempt to hook your or a company’s personal information or login details. eMails are the most common channel used where phishers will send out threats or some sort of urgency to scare you into handing over your credentials. The success of an attack at this level depends on how accurate the attacker creates an eMail that resembles the company they are attempting to imitate.

Similar to deceptive phishing, but a bit more personalised to trick out the more vigilant of victims. Here the attacker will customize the message to include the person’s name, position, work place name, phone number or any other form of personal information. The goal of this is the same as deceptive phishing whereby the attacker leads the victim into clicking on a link containing malicious links or attachments. These attackers hunt on social media platforms quite regularly to gain the personal information needed.

Much like the name tells us all we need to know about it, the attackers target the big fish within the company to gather personal information of their employers which leads to them scamming multiple employers at once. They harpoon the executives in to steal all of their login details which then leads them into creating company eMails requesting employees to provide all their details due to a certain ‘online or database malfunction’. What makes this form of phishing so dangerous is that members in higher positions tend to miss out on the security awareness or training sessions.

With the awareness of cyber attacks becoming a real thing and users becoming more savvy towards traditional phishing scams, cyber attackers abandon the idea of baiting single individuals and instead create a new clever way to catch people out. This manner of scamming in simple terms means that the attacker is able to recreate the exact name of a certain link or URL you want to access and redirect you to a phony website (with the same URL name you typed in) where they will ask for your personal details. This form of phishing is less commonly used, but it’s still a real threat in the online world.

Millions of people use this platform to back up their online belongings. Therefore it creates a channel for the phishers to easily gain millions of people’s personal uploads which include personal information and credentials. Here the attackers still use the easier form of messaging by sending out eMails asking for your login details or containing malicious links. Many online platforms have developed a 2-step verification when logging in to ensure that the attackers will always miss a piece of information that stops them from entering your online accounts.

Much like Dropbox phishing, the concept is the same. This however can be more risky for larger companies as employees upload important documentation such as spreadsheets, websites, photos and more which will always contain a tiny bit of information which the attackers can use. Once again a 2-step verification can be implemented to stop them from accessing your valuable information.