Cyber Security

Welcome to the Sappi Cyber Security campaign

The Sappi Cyber Security campaign is here to create awareness around the very real issue of cyber security. Here you will have all the tools, information and tips on how to protect yourself against a cyber attack and know when you have fallen into the trap of an online scam.

As we know, technologies are evolving where socialising, work and home based online activities are done primarily online. We’re constantly becoming more and more dependent on technology, thus, there is an ever increasing risk and threat of cyber attacks. Online security gets updated regularly to try and stop attackers, but they themselves become smarter by the day. Your personal information is being threatened constantly, and so Sappi is launching this campaign to create more awareness around cyber attacks and how cyber criminals do not discriminate – they attack any vulnerable computer regardless of whether it is your personal device at home or large corporations.

What is phishing?

It’s not your weekend getaway with the guys or your local restaurant where they serve you a seafood dish straight from the fish tank. Phishing is an online form of fraud where cyber attackers will send emails or any other forms of messaging to attain your personal details, passwords and banking credentials. They impose your online world as reputable companies in order to create an image of it being ‘the real deal’ to trick and fool you into a cyber attack.

Platforms they attack you on are:

Social media

Social media

Facebook, Instagram, LinkedIn and Twitter are the main ones they use



They sound a threat or warning to gather your personal information



Suspicious links and attachments from a reputable company

The phisher or cyber criminal’s process:


1 Plan: The attacker circles around their victim or business and determines how they will get the eMail addresses or personal detail.


2 Setup: Once they’ve spotted their target, they setup and create the spoofs / messages to send to you.


3 Attack: They pounce by sending a phony message on the chosen platform that always appears to be from a reputable source.


4 Collection: The cyber attackers record the information the victims have entered into the links sent out.

Fraud/identity theft

5 Fraud/identity theft: Your information is theirs now, so they commit fraud and illegal purchases with all your details you provided them.

Types of Phishing

There are 6 common types of phishing:

1. Deceptive phishing:

The name says it all because it is the most common type of scamming used. The cyber attackers or ‘phishers’ will impersonate a legitimate company and attempt to hook your or a company’s personal information or login details. eMails are the most common channel used where phishers will send out threats or some sort of urgency to scare you into handing over your credentials. The success of an attack at this level depends on how accurate the attacker creates an eMail that resembles the company they are attempting to imitate.

2. Spear phishing:

Similar to deceptive phishing, but a bit more personalised to trick out the more vigilant of victims. Here the attacker will customize the message to include the person’s name, position, work place name, phone number or any other form of personal information. The goal of this is the same as deceptive phishing whereby the attacker leads the victim into clicking on a link containing malicious links or attachments. These attackers hunt on social media platforms quite regularly to gain the personal information needed.

3. CEO fraud or Whaling:

Much like the name tells us all we need to know about it, the attackers target the big fish within the company to gather personal information of their employers which leads to them scamming multiple employers at once. They harpoon the executives in to steal all of their login details which then leads them into creating company eMails requesting employees to provide all their details due to a certain ‘online or database malfunction’. What makes this form of phishing so dangerous is that members in higher positions tend to miss out on the security awareness or training sessions.

4. Pharming:

With the awareness of cyber attacks becoming a real thing and users becoming more savvy towards traditional phishing scams, cyber attackers abandon the idea of baiting single individuals and instead create a new clever way to catch people out. This manner of scamming in simple terms means that the attacker is able to recreate the exact name of a certain link or URL you want to access and redirect you to a phony website (with the same URL name you typed in) where they will ask for your personal details. This form of phishing is less commonly used, but it’s still a real threat in the online world.

5. Dropbox phishing:

Millions of people use this platform to back up their online belongings. Therefore it creates a channel for the phishers to easily gain millions of people’s personal uploads which include personal information and credentials. Here the attackers still use the easier form of messaging by sending out eMails asking for your login details or containing malicious links. Many online platforms have developed a 2-step verification when logging in to ensure that the attackers will always miss a piece of information that stops them from entering your online accounts.

6. Google Docs phishing:

Much like Dropbox phishing, the concept is the same. This however can be more risky for larger companies as employees upload important documentation such as spreadsheets, websites, photos and more which will always contain a tiny bit of information which the attackers can use. Once again a 2-step verification can be implemented to stop them from accessing your valuable information.

Ways to prevent phishing

  • Inspect URLs that redirect you to unknown websites
  • Look out for generic salutations, grammar and spelling errors located all over an eMail or message
  • Install a 2-step verification to all online platforms
  • Don’t click on attachments or links from suspicious eMails
  • Be informed about new phishing techniques
  • Install an anti-phishing toolbar
  • Make sure a website begins with “https://”
  • Keep your internet security up to date
  • Use firewalls
  • Do not click on pop-ups
  • Never, never, never give out personal information
  • Please report any phishy activities to