Cyber Security
Sappi

Cyber Security is a team sport

Be a team player. Let’s take note of these tips and tricks for Cyber Security month.

Have you ever encountered a suspicious email before?

  • Did you report your email to PhishingReport@sappi.com or click on the Phish alert button?
  • These Phishing emails could potentially put the organisation and/or our computer systems at risk.
  • Up to 90% of cyber attacks are delivered via email utilising social engineering tactics or methods.

Suspicious emails

Spot the fake attachment and link in the phishing email

  • If you are not expecting an email from the sender, treat it as suspicious and check with the IT Security team.
  • Hover your mouse cursor over a link before clicking. Is it redirecting you somewhere that is not related to your email or the sender?
  • Check for any spelling errors and bad grammar in the email.
  • Be cautious of attachments, especially from external senders. If unsure
    check with the IT Security team.
  • Stop and think before you click.

Easy to use security tools

To check if a link or attachment is malicious, visit https://www.virustotal.com/. It’s a free, easy to use tool that can quickly check if a file or link is trying to do something bad. For more information on how this works, please visit the link below.

What is Spear phishing?

  • It’s an email or electronic scam targeted towards a specific individual,
    organisation or business. Although it’s often intended to steal data for malicious purposes, cyber criminals may also intend to install malware or spyware on a user’s computer.
  • These emails can be disguised as emails from Sappi, a friend, your
    favourite online store or even your bank!

How does it work?

  • A cyber-criminal sends a Spear Phishing email, likely from a fake email
    address.
  • The user is enticed to click on the link or open the attachment.
  • You may be directed to a log on page which looks familiar.
  • The user will then unknowingly enter their credentials on the fake login page.
  • Credentials get sent back to the cyber-criminal.
  • The cyber-criminal will then attempt to access Sappi’s systems with the
    user’s username and password.
  • If successful in accessing, the cyber-criminal might be able to send spear phishing emails to all of the user’s contacts.
  • If spear phishing emails are sent from a legitimate sender within an organisation they have a high chance of compromising more users.
  • Security is everyone’s responsibility – If you suspect you have been Phished or are a victim of Phishing, please remember this important action:

Immediately notify IT or the IT security team and they will assist in changing your password and assist to scan your computer.

Personal Cyber Security & Safety Tips

“Google Yourself”

With the rise of the digital age, it is difficult (if not impossible) to remain totally anonymous on the internet. Having an online presence and maintaining your social networks can be a wonderful and valuable tool, but sometimes we are unaware of how much personal information can be obtained about us over time. By searching and reviewing your online presence, you can take steps to reduce giving hackers additional information about yourself or removing personal content that you would not want to be visible to the public.

Tips on sharing content wisely on social media:

What should you never post or share

  • An image of your car with the number plate exposed
  • Your full birth date
  • Home address
  • Your phone number
  • Your location or geotagged photos
  • Your airplane boarding pass
  • Photos of your children and their school
  • Your holiday plans

Have I been pwned and what is it?

What does PWNED mean?

Pwned, in this context, simply means that your account has been the victim of a data breach. The word itself takes its name from player-to-player messaging in online computer gaming. When one player is defeated, another might type out a message to say ‘You’ve been owned’. This was so frequently misspelt as ‘pwned’, the word itself took off.

PWNED (pronounced poned) and “have I been pwned” is a website created by security experts, that allows internet users to check whether their personal data has been compromised by data breaches. The service collects and analyses hundreds of database dumps containing information about billions of leaked accounts, and allows users to search for their own information by entering their email address. The site has been widely touted as a valuable resource for internet users wishing to protect their own security and privacy.

Give it a try

To see if your email or password have been PWNED, please click the button below.

Cyber Security is a team sport
Sappi