Friday, 27 April 2012

How to protect Email account from hackers

Sometimes, when someone log into his/her account, and when account is not opened successfully, then he/she says my email account is hacked. But In this tutorial I am going to give you a trick for protect herself/himself from getting hacked. Hackers are uses latest technique to hacked someone email account or any other things. I am confused from both side hackers and users that someone account is hacked.
 If hackers want to hack then he will do it, but only thing is to protect ourself and make the password so difficult for the hackers.


Friends, after spending my precious 5 years in field of Hacking and Cyber security, i reached a very simple conclusion. Email accounts can only be hacked by means of Social Engineering technique, and whoever says that he can hack email account using some other technique then friends he is a liar.

Now what all topics are covered in Social Engineering Technique:
 
1. Phishing or fake page login technique.
2. Spreading Keyloggers in form of cracks, keygens, or hack tools(RAT's , 
    keyloggers, etc).
3. Shouldering passwords.
4. Guessing Weak Passwords.
5. Compromising Accounts with Friends or team mates
6. Using Accounts from Cyber cafe's or other insecure places like friends PC or college PC's.

So friends let's start from one by one, how you all can protect yourself from hackers.

1. Phishing or Fake Pages Login Technique
In this technique, what hacker does is that, he makes a local(fake) copy of original website which looks absolutely similar to original one and attaches his PHP action scripts to record the passwords and then uploads that local copy to some free web hosting server. After uploading, he shares the links with friends or victims by three different ways:

a. By Sending Emails : Emails can be spoofed and looks like they are coming from genuine sources like Gmail Support or Yahoo Support etc or Simply from your most trusted friends.
Now which type of emails you should not open:
  1. Emails asking for account verification:  These emails ask for you email account username or passwords to verify your details.
  2. Emails showing Prize Money or lotteries: Nowadays, we all receive a lot of email messages like "You have Won Prize Money or Lottery of so and so amount. These emails usually ask your name, age occupation, mobile number, sometimes credit card details. And when you provide all these information they ask you to verify your Mobile number. They usually say you will receive one unique verification code on your mobile and ask you to enter that verification code in some unknown website.  Note: This is mobile phone verification  loophole of all Email services. They all sent verification in below format: " Your Google Verification Code is 123456 or Your Yahoo verification code is 123456 or Your Hotmail verification code is 123456". Means these services doesn't mention that "your Gmail or Yahoo or Hotmail password reset code is 123456" so user is easily get fooled by such offers and become the prey to hackers.
  3. Emails from unsolicited or unknown sources: Never open the emails which comes from unknown sources.
  4. Never access any social networking website link from your email as it can be a Phish Page link.

Some useful and handy guidelines to identify Phish Pages:
  1.  Always check the URL in the address bar ( both source and destination). Never login in the URL which has website URL other than the original one.
  2.  Most important: Always use web security toolbar(avg,avira or crawler etc), most of them are available for free. They will detect the fake pages and warn you from opening them.
 b. Using Chat services
Never open the links that are being posted in chat rooms, there are lots of Ajax and java scripts available in market that can retrieve all your stored passwords from your web browser.

c. Sharing Content on some website and that website is asking for registration with is followed by email verification. Hackers share their links on famous forums or torrents, when user open these link either of the above two things happen or a key logger or RAT is attached with them that will record you email address and password and send the information to hackers email account or FTP mail.


2. Spreading Keyloggers in form of cracks, keygens, or hack tools(RAT's , keyloggers, etc).
This is the most used hacking technique used by almost every hacker to hack the users email accounts. In this technique, hackers attach their keylogger or RAT servers with the crack or keygen or patch or hack tools and whenever user executes that it got installed automatically. 
In this case hackers use the below loophole: Whenever you open a keygen or patch or crack or hack tool, your antivirus shows you are warning message but users always ignore these as hackers or cracks provider has already instructed the users that turn off the antivirus before running patch or keygen.

So friends 4 things to note here:
a. Never use cracked or patched software's as they already contains Trojan's which are controlled on basis of timestamp. 
Solution: Look for any freeware providing the same features. If you request i will give you the list for freeware alternatives for all paid software's.
b. Never turn off your antiviruses or anti-spywares or web security toolbar.
c. Regularly update your antivirus and anti spyware programs.
d. If you wanna try any hacking software or hack tool, then always use sandbox browser or use Deep Freeze. 

3. Shouldering passwords

Seeing or watching the user, while he/she is typing his password is called shouldering. Most of time we types our passwords in front of our friends or colleagues. Nowadays what usually friends or classmates do is that, they stand in back of you and keep a eye on you while you are typing passwords. This technique is also used at ATM machines, thieves or malicious people watch people while they were entering the ATM pin and then misuse that online.
Solution: Always take care that nobody is watching you while you are typing passwords. If not possible to do so try to avoid logging into your accounts when your friends are near you.
Note: Never store passwords in your web browsers. Otherwise, friends like me ask you to bring water for me and when you go out, i will see you all saved passwords :P..

4. Guessing Weak Passwords

Its not a new thing, i have told people more than hundreds of time not to use weak or very common passwords but they will never learn. Few basic passwords that unaware or novice IT people use:
a. 6 to 8 consecutive character on the keyboard or alphabets like qwerty,  1234567, abcdefgh etc.
b. Atleast 30% of people keep their current or previous mobile numbers as their passwords.
c. More than 10% keep their girlfriend name or her mobile number as password.
d. But nowadays password policy are quite good, so novice people also became smart as most of websites ask atleast one Capital letter, one number and one special character in password. Now friends, guess what will be their passwords:

1. Suppose its december then their password will be like: Dec@2011 or Dec123! or Dec2011@.
2. How can they forget keyboards consequite keys like qwert123!, qwerty123$, abc123! etc.
3. Offcourse, none can forget his girlfriend name : girlfrindfirstname123! or  more smart people GFNAME1!.
 
Some tips for strong passwords:

1. Always keep your password atleast 8 chars long.
2. Use special characters and number and small n upper case combination in your password.
3. Verify your mobile numbers if available.
4. Keep changing your passwords at-least once a month.

5. Compromising Accounts with Friends or team mates

Its one of the most common problem with team mates and friends. "Today i am not coming to office or college, please use my login ID and password and forward the details or some files" or "Your friend went to your home and suppose you are away from your house, now what you will do, hey use my username and password and take your files or documents". What the hell is this? You call yourself professional, and every time you yourself violating the password and account policy norms.

Never share your account information with anyone. People like me are very dangerous, if you share your pass with me then you are done :P..

Solution: Never tell your account information to anyone. If its urgent, you can share it but you need to change your details as soon as possible.

6. Using Accounts from Cyber cafe's or other insecure places like friends PC or college PC's. 

Most of cyber cafe's or college computers have keyloggers or rats installed on them. Whenever you login into your account through cybercafe, none can give you assurance that your account is safe or hacked. So always play it safe. If you login into your account through cyber cafe's, always change them as soon as possible. 

Now friends, if you follow all the above steps told by me, then your account can never be hacked and for sure you will never get a chance to say "My EMail account is hacked" or "Someone has hacked my email".

So play safe to live n enjoy safe. That's all for today, hope you all have enjoyed my tutorial on how to protect your email account from getting hacked.

If you have any queries ask me in form of comments.

No comments:

Comments System