Meet Jane Hacker. As her name suggests, Jane is a hacker, and she’s about to break into a new South African bank.
This fictional bank is called Bueno Bank. When Jane reads about Bueno Bank’s new app, she sees an entry point. She starts by opening a Bueno Bank account and then downloads the app.
Jane logs a query with customer support and gets a response from Rachel, a Beuno Bank employee. Jane does some digging to learn more about Rachel and finds out where she lives, where she studied, who she works for and who her colleagues are.
Armed with this information, Jane “accidentally” sends a fake e-mail to Rachel from one of her superiors.
The e-mail appears to have been sent to Rachel in error, but it contains information about redundancies in her department, which Jane hopes will pique Rachel’s interest. Rachel opens a seemingly innocent Word document and, just like that, Jane is in. From here, she can start poking around Rachel’s computer before moving laterally across the organisation to look for sensitive and confidential information.
Jane, Rachel and this entire scenario are fictional, created by Glenn Wilkinson, an ethical hacker and CEO and co-founder of Agger Labs.
He shared the story during his keynote address yesterday at ITWeb Security Summit 2026 at the Century City Conference Centre, in Cape Town.
Drawing on his experience working in the cyber security and ethical hacking space, he put together this fictional sequence of events to showcase just how easy it is for hackers to find the information they need.
“I have spent my life breaking into systems. I would love to tell you some war stories, but what I can do is create a fictional story to showcase what is happening in the real world.
“In this case, Jane sent an e-mail with information that she knew would catch Rachel’s attention. She hid a macro code in a seemingly harmless Word document and then used this code to access Rachel’s PC,” he explained.
He noted that while the tech is getting more and more sophisticated, hackers will still target people because this remains the easiest way to get in. “Why try to break down the front door when I can just trick someone into opening up the door?”
What Jane Hacker did may seem quite clever, but the level of sophistication Wilkinson sees in his day-to-day far exceeds this.
For example, ransomware-as-a-service (RaaS) attacks industrialise cyber crime by enabling someone to go on the dark web, join an affiliate programme, pay $100, and instantly obtain a copy of ransomware software. “You don’t need to build anything yourself; you just deploy the ransomware, and when the victim pays, you get 30%, and the creators of the ransomware get the rest.”
These groups will run all the infrastructure in the background and, much like a legitimate software-as-a-service business, RaaS operations even offer support to their affiliates, including features like live dashboards, so that hackers can more effectively manage infections and track payments.
Additionally, initial access brokers (IABs) are cyber criminals who infiltrate corporate networks and then sell this unauthorised entry on to other malicious actors, he said. Rather than carrying out attacks themselves, IABs are essentially the "middlemen" of the cyber crime economy.
While there’s no silver bullet to mitigate cyber risks, Wilkinson explained that several products make his life as an ethical hacker a little more difficult. Some examples of these solutions include canary tokens, exposure management platforms and HR management tools.
“When it comes to cyber security, the challenge may seem massive, but by making even small changes, you really can be the hero of your organisation and prevent the Janes of the world from accessing information they shouldn’t.”
Share
