Ever wonder how hackers actually hack into any email account? you might be thinking that it is a very difficult task. yes? not really. Remember Anyone can do this, its a myth that it is done by geeky nerds with incredible technical knowledge. some of you might also think that it is impossible, Yes it is impossible unless the victim is noob or has very poor knowledge of internet.
And if your account gets hacked, only you are responsible for that. for example:-
1) Phishing
2) keystroke capturing
3) Password Guessing
lets discuss each of them in detail:-
Phishing is a type of Social Engineering. this is the most widely used hacking technique just because it is really simple and affordable. This can be the simplest way of fooling someone to give you their login details or private information. Phishing is a criminal process of attempting to steal sensitive information such as usernames, passwords,credit card details by disguising as a trustworthy website.
[*]The only clear identification of a website is its URL.
Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. The hacker usually sends an e-mail that appears to come from a a bank, or credit card company — requesting “verification” of information.
Please note that any email provider or any Bank Website will never ask you to validate your account by Mail, nor will they ask for verification information without a support request being processed.
Example of email meant to hack facebook account:
The link goes to fake login page of facebook, and when the login info is entered into the fake login page the password is emailed to the hacker or can be saved in a text file hosted on the server. This technique has 70-90% success rate because its success entirely depends on the user to do the mistake and login to the intended fake page.
Keystroke capturing is done by using Keyloggers. this is the simplest way of monitoring ones PC to steal their personal details such as passwords and credit card details. Keyloggers are of two types:- hardware and software.
1) Hardware Keylogger
If you can Physically access victims PC, then this could be the ideal keylogger. it is a device which can be quickly inserted in between the keyboard and the PC to capture all the data(keystrokes) entered by the victim. Keystrokes are collected in a temporary file and is stored in the flash memory of the keylogger.
The hacker behind it can now easily pick up the device containing all the information(passwords,credit card details) of victim anytime. Therefore, if desired, the keylogger can be moved to another computer to retrieve the data. Amazed?.. yes it is possible, check your keyboard slot now! Beware of this.
2) Software Keylogger
Software Keyloggers are basically Spyware, they are used to hack remote PC’s, ie these keyloggers are used to capture keystroke of a victim which is sitting far away from you(when you don’t have physical access). The attacker normally sends this keylogger application via email and somehow conveys the victim to install it.
for example look at the email message below:-
At First sight its really hard to control our self not to click it. right? But When you click on that link, the keylogger is automatically installed on your PC without any warning and sometimes Antivirus fails to recognize this. Now that the Keylogger is residing in your PC, the hacker can now monitor all the activities on your PC. the keylogger constantly collects all the the keystrokes entered by you in a temporary file, which is then periodically uploaded to the hackers location over the internet.
Prevention (BETTER safe than SORRY)
How to Get rid of Software keylogger?
Password Guessing is also a type of Social Engineering which deals with manipulating someones mind to figure-out his personal information. it requires good social engineering skills and thinking power. here the hacker knows the victim very well, rather hacker is a friend of victim. hacker could be your girlfriend, boyfriend or sometimes family member. also he might be your online friend with whom you share your your profile details including ‘date of birth’, ‘cellphone no’, and other favorite things such as cuisines,music,movies..etc. this information is enough for a hacker to start guessing the security question of the email account and in that way reset the password and put his own password and login into the account. and There is 0-20% chances that he will guess your security ques and ans correctly.
Beware!
There are many fake ways of email hacking, you will see all over the internet. Most of these fake ways tell you something like “you need to send an email to account_recovery@yahoo.com with your password in the subject line” ,..etc etc .which is some fake Yahoo account owned by some hacker that just stole your password.
And if your account gets hacked, only you are responsible for that. for example:-
“In real life, consider a Car with a single matching key. Now you cannot Unlock this Car Unless you have the duplicate key and the duplicate Key can be made only if you get a chance to trace the original key. And this is possible only if the Car’s owner is careless.”The same is applicable here. when your Account gets hacked, that’s only because of your carelessness. Believe it. Now a days hackers are targeting social networking profiles like facebook, twitter, etc. rather than email accounts. the same methods are used to hack social networking profiles. Anyways lets see how email hacking works. though there are many ways to do it, i will discuss 3 basic methods.
1) Phishing
2) keystroke capturing
3) Password Guessing
lets discuss each of them in detail:-
-1 Phishing
Phishing is a type of Social Engineering. this is the most widely used hacking technique just because it is really simple and affordable. This can be the simplest way of fooling someone to give you their login details or private information. Phishing is a criminal process of attempting to steal sensitive information such as usernames, passwords,credit card details by disguising as a trustworthy website.[*]The only clear identification of a website is its URL.
Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. The hacker usually sends an e-mail that appears to come from a a bank, or credit card company — requesting “verification” of information.
Please note that any email provider or any Bank Website will never ask you to validate your account by Mail, nor will they ask for verification information without a support request being processed.
Example of email meant to hack facebook account:The link goes to fake login page of facebook, and when the login info is entered into the fake login page the password is emailed to the hacker or can be saved in a text file hosted on the server. This technique has 70-90% success rate because its success entirely depends on the user to do the mistake and login to the intended fake page.
-2 keystroke capturing
Keystroke capturing is done by using Keyloggers. this is the simplest way of monitoring ones PC to steal their personal details such as passwords and credit card details. Keyloggers are of two types:- hardware and software.1) Hardware Keylogger
If you can Physically access victims PC, then this could be the ideal keylogger. it is a device which can be quickly inserted in between the keyboard and the PC to capture all the data(keystrokes) entered by the victim. Keystrokes are collected in a temporary file and is stored in the flash memory of the keylogger.
The hacker behind it can now easily pick up the device containing all the information(passwords,credit card details) of victim anytime. Therefore, if desired, the keylogger can be moved to another computer to retrieve the data. Amazed?.. yes it is possible, check your keyboard slot now! Beware of this.
2) Software Keylogger
Software Keyloggers are basically Spyware, they are used to hack remote PC’s, ie these keyloggers are used to capture keystroke of a victim which is sitting far away from you(when you don’t have physical access). The attacker normally sends this keylogger application via email and somehow conveys the victim to install it.
for example look at the email message below:-
At First sight its really hard to control our self not to click it. right? But When you click on that link, the keylogger is automatically installed on your PC without any warning and sometimes Antivirus fails to recognize this. Now that the Keylogger is residing in your PC, the hacker can now monitor all the activities on your PC. the keylogger constantly collects all the the keystrokes entered by you in a temporary file, which is then periodically uploaded to the hackers location over the internet.
Prevention (BETTER safe than SORRY)- Never click on any suspicious links
- Never install any Software patch or any Keygen, unless you download it from legit site.
- Never try any free Keylogger. (I will post some free keyloggers very soon)
How to Get rid of Software keylogger?- The good thing about software keylogger is, you will never know about it-when it is installed on your PC, is it working…nothing. so one thing you can do is install a good Antispyware on your PC.
- If you still feel that something is monitoring you,. just Format your Hardisk and reinstall your OS.
- Beware! there are fake AntiSpywares
-3 Password Guessing
Password Guessing is also a type of Social Engineering which deals with manipulating someones mind to figure-out his personal information. it requires good social engineering skills and thinking power. here the hacker knows the victim very well, rather hacker is a friend of victim. hacker could be your girlfriend, boyfriend or sometimes family member. also he might be your online friend with whom you share your your profile details including ‘date of birth’, ‘cellphone no’, and other favorite things such as cuisines,music,movies..etc. this information is enough for a hacker to start guessing the security question of the email account and in that way reset the password and put his own password and login into the account. and There is 0-20% chances that he will guess your security ques and ans correctly.Beware!There are many fake ways of email hacking, you will see all over the internet. Most of these fake ways tell you something like “you need to send an email to account_recovery@yahoo.com with your password in the subject line” ,..etc etc .which is some fake Yahoo account owned by some hacker that just stole your password.
0 comments:
Post a Comment