She said she had DNB’s permission. Even so, hacker-turned-consultant Marit Iren Rognli Tokle may well have scared some of the delegates at the Treasury 360 Oslo conference on Wednesday.
Here’s how you do it
Step by step she went through the anatomy of a phishing attack: design the email, put up a web page with a misleading URL and with forms for entering personal details, then send the mail, and finally make use of the details you get hold of.
When Marit Iren Rognli Tokle herself actually put up such a setting, for educational purpose, she received the first incoming response within minutes after launching the site.
Could hit anybody
“Everybody can get cheated by a phishing attack,” said Marit Iren Rognli Tokle. To support her statement she showed a picture of Norway’s intelligence service chief, who posted on Facebook last autumn that his e-mail account had been hacked.
Marit Iren Rognli Tokle referred to a number of second-hand sources stating that
- 95 percent of targeted phishing attacks on enterprise networks were successful
- 1.5 million new phishing sites appear every month, and that
- the number of phishing attempts grew 65 percent in the latest year.
Phishing risks touch both individuals and companies. Specifically for corporations, these can also expect that state-sponsored hacking organisations could be interested in breaking their security.
The full program and speaker presentations for the Treasury 360 Oslo 2019 conference is found here.