Khing241 How to protect email account getting hacked Tue Apr 23, 2013 2:49 pm
"My Email account is hacked" or " Some hacker has hacked my email account", did these quotes sound familiar to you Guys, if not then soon gonna be if you are not aware of latest techniques used by hackers to hack into your email accounts. After reading such comments there are two things that always come to my mind, either hacking email account is to easy for hackers or protecting email account
for getting hacked is too difficult. And after thinking about both
above points, i starts laughing because both are true for Hackers and
both are false for unaware users.
Note: If a Hacker wants to hack you
Email or system, he will hack it. The only thing you can do is, just
make it harder for him to do the same.
Friends, after spending my precious 5 years in field of Hacking and
Cyber security, i reached a very simple conclusion. Email accounts can
only be hacked by means of Social Engineering technique, and whoever says that he can hack email account using some other technique then friends he is a liar.
Protect Email account from getting hacked |
Now what all topics are covered in Social Engineering Technique:
1. Phishing or fake page login technique.
2. Spreading Keyloggers in form of cracks, keygens, or hack tools(RAT's , keyloggers, etc).
3. Shouldering passwords.
4. Guessing Weak Passwords.
5. Compromising Accounts with Friends or team mates
6. Using Accounts from Cyber cafe's or other insecure places like friends PC or college PC's.
So friends let's start from one by one, how you all can protect yourself from hackers.
1. Phishing or Fake Pages Login Technique
In this technique, what hacker does is that, he makes a local(fake) copy
of original website which looks absolutely similar to original one and
attaches his PHP action scripts to record the passwords and then uploads
that local copy to some free web hosting server. After uploading, he
shares the links with friends or victims by three different ways:
a. By Sending Emails : Emails can be spoofed and looks like they
are coming from genuine sources like Gmail Support or Yahoo Support etc
or Simply from your most trusted friends.
Now which type of emails you should not open:
- Emails asking for account verification: These emails ask for you email account username or passwords to verify your details.
- Emails showing Prize Money or
lotteries: Nowadays, we all receive a lot of email messages like "You
have Won Prize Money or Lottery of so and so amount. These emails
usually ask your name, age occupation, mobile number, sometimes credit
card details. And when you provide all these information they ask you to
verify your Mobile number. They usually say you will receive one unique
verification code on your mobile and ask you to enter that verification
code in some unknown website. Note: This is mobile phone verification loophole of all Email services. They all sent verification in below format: "
Your Google Verification Code is 123456 or Your Yahoo verification code
is 123456 or Your Hotmail verification code is 123456". Means these
services doesn't mention that "your Gmail or Yahoo or Hotmail password reset code is 123456" so user is easily get fooled by such offers and become the prey to hackers. - Emails from unsolicited or unknown sources: Never open the emails which comes from unknown sources.
- Never access any social networking website link from your email as it can be a Phish Page link.
Some useful and handy guidelines to identify Phish Pages:
1. Always check the URL in the address bar ( both source and
destination). Never login in the URL which has website URL other than
the original one.
2. Most important: Always use web security toolbar(avg,avira or crawler
etc), most of them are available for free. They will detect the fake
pages and warn you from opening them.
b. Using Chat services
Never open the links that are being posted in chat rooms, there are lots
of Ajax and java scripts available in market that can retrieve all your
stored passwords from your web browser.
c. Sharing Content on some website and that website is asking for registration with is followed by email verification.
Hackers share their links on famous forums or torrents, when user open
these link either of the above two things happen or a key logger or RAT
is attached with them that will record you email address and password
and send the information to hackers email account or FTP mail.
2. Spreading Keyloggers in form of cracks, keygens, or hack tools(RAT's , keyloggers, etc).
This is the most used hacking technique used by almost every hacker to
hack the users email accounts. In this technique, hackers attach their
keylogger or RAT servers with the crack or keygen or patch or hack tools
and whenever user executes that it got installed automatically.
In this case hackers use the below loophole: Whenever you open a keygen
or patch or crack or hack tool, your antivirus shows you are warning
message but users always ignore these as hackers or cracks provider has
already instructed the users that turn off the antivirus before running
patch or keygen.
So friends 4 things to note here:
a. Never use cracked or patched software's as they already contains Trojan's which are controlled on basis of timestamp.
Solution: Look for any freeware providing the same features. If you
request i will give you the list for freeware alternatives for all paid
software's.
b. Never turn off your antiviruses or anti-spywares or web security toolbar.
c. Regularly update your antivirus and anti spyware programs.
d. If you wanna try any hacking software or hack tool, then always use sandbox browser or use Deep Freeze.
3. Shouldering passwords
Seeing or watching the user, while he/she is typing his password is
called shouldering. Most of time we types our passwords in front of our
friends or colleagues. Nowadays what usually friends or classmates do is
that, they stand in back of you and keep a eye on you while you are
typing passwords. This technique is also used at ATM machines, thieves
or malicious people watch people while they were entering the ATM pin
and then misuse that online.
Solution: Always take care that nobody is watching you while you are
typing passwords. If not possible to do so try to avoid logging into
your accounts when your friends are near you.
Note: Never store passwords in your web browsers. Otherwise, friends
like me ask you to bring water for me and when you go out, i will see
you all saved passwords :P..
4. Guessing Weak Passwords
Its not a new thing, i have told people more than hundreds of time not
to use weak or very common passwords but they will never learn. Few
basic passwords that unaware or novice IT people use:
a. 6 to 8 consecutive character on the keyboard or alphabets like qwerty, 1234567, abcdefgh etc.
b. Atleast 30% of people keep their current or previous mobile numbers as their passwords.
c. More than 10% keep their girlfriend name or her mobile number as password.
d. But nowadays password policy are quite good, so novice people also
became smart as most of websites ask atleast one Capital letter, one
number and one special character in password. Now friends, guess what
will be their passwords:
1. Suppose its december then their password will be like: Dec@2011 or Dec123! or Dec2011@.
2. How can they forget keyboards consequite keys like qwert123!, qwerty123$, abc123! etc.
3. Offcourse, none can forget his girlfriend name : girlfrindfirstname123! or more smart people GFNAME1!.
Hahaha.... thats really foolish.
Some tips for strong passwords:
1. Always keep your password atleast 8 chars long.
2. Use special characters and number and small n upper case combination in your password.
3. Verify your mobile numbers if available.
4. Keep changing your passwords at-least once a month.
5. Compromising Accounts with Friends or team mates
Its one of the most common problem with team mates and friends. "Today i
am not coming to office or college, please use my login ID and password
and forward the details or some files" or "Your friend went to your
home and suppose you are away from your house, now what you will do, hey
use my username and password and take your files or documents". What
the hell is this? You call yourself professional, and every time you
yourself violating the password and account policy norms.
Never share your account information with anyone. People like me are
very dangerous, if you share your pass with me then you are done :P..
Solution: Never tell your account information to anyone. If its urgent,
you can share it but you need to change your details as soon as
possible.
6. Using Accounts from Cyber cafe's or other insecure places like friends PC or college PC's.
Most of cyber cafe's or college computers have keyloggers or rats
installed on them. Whenever you login into your account through
cybercafe, none can give you assurance that your account is safe or
hacked. So always play it safe. If you login into your account through
cyber cafe's, always change them as soon as possible.
Now friends, if you follow all the above steps told by me, then your
account can never be hacked and for sure you will never get a chance to
say "My EMail account is hacked" or "Someone has hacked my email".
So play safe to live n enjoy safe.
That's all for today, hope you all have enjoyed my tutorial on how to
protect your email account from getting hacked.
If you have any queries ask me in form of comments.
Read more: http://www.hackingloops.com/2011/12/how-to-protect-email-account-getting.html#ixzz2RHonveFN