Welcome to Tricks4indya.

Tricks4indya is a blog/website where you get the latest computer tips and tricks, hacking tricks and Windows tips and tricks and, most importantly, learn about Ethical Hacking.

Why visit Tricks4indya daily?

Because Tricks4indya is not a one-taste blog and is updated daily (two or three articles shared daily, for sure). If you visit daily, you get a different taste of article to read, which means it also suits those friends who don’t like to read HACKING articles but like Windows tips, awareness articles (to protect yourself from hackers), information about new technology, etc.
Showing posts with label Fake Email.

Tuesday, 24 May 2011

Hacking Facebook – Orkut – Gmail – Yahoo account | The Reality

Hi friends, today I am going to share a most important article for beginners who have just started exploring hacking, and for people who aren't interested in learning hacking but need somebody's account password anyhow. I want you to be aware of the common misconceptions about hacking online accounts on email and social networking sites.

Otherwise those thoughts/misconceptions/articles/blogs can seriously put you in trouble. We usually start by googling things like "how to hack gmail", "softwares for hacking orkut", "how to hack facebook", etc., but unfortunately we reach some malicious websites, follow stupid instructions, and our own accounts get hacked.

When I was a beginner, my rediffmail account got hacked because of a lack of awareness or knowledge.

Okay, talking in general, suppose you have just signed up for an account (gmail, yahoo or any other reputed website). Your password is stored in only two places: -
·        In the website's database
·        In your mind
(Don’t say a stupid thing like it is also saved in a text file on your PC or in your girlfriend's mind, etc.)

Stealing your credentials (ID/password) from the website's database is almost impossible. Companies like Microsoft, Google, Yahoo, Facebook, etc. are paying millions of dollars to secure their systems. Hard-core hackers might succeed.

Now, talking about your mind, it might be really very simple to do this with the help of Social Engineering.

Shocked?

At this point, I must say that hacking an email account depends strongly on the carelessness/foolishness of the victim.


FAQs or misconceptions regarding the following points:-


·        Does any free/paid software/program/cracker exist to hack such accounts?

No... You might find countless free or premium software programs which claim to crack email accounts. The software just asks you to enter the victim's email and starts cracking/generating the password.

I have already told you about the two places where one's password is. From where the hell would this software bring passwords for you? This kind of stuff is undoubtedly a scam/rubbish.


·        Is there any free/premium online service to hack such accounts?

No... You might have visited many websites that claim to crack any email account for some amount of money. They are complete frauds; beware of them. Don’t lose your money there!!



·        Another type of fraud: -

You might have come across many tutorials/videos that instruct you to compose an email to something@something.com. You are asked to write the victim's email ID, your email ID and your password, and are assured that you will get the requested password within 24 hours.

Needless to say, it is a way of fooling innocent people. Of course, your own account gets hacked.


Believe me, you can’t imagine the number of people who become victims of such rubbish things. They lose their money, time and accounts but get nothing in return. So take care.

All the above points are examples of one type of hacking known as “Social Engineering - Art of Manipulation”.


How to hack these accounts?

Every method directly/indirectly involves victim's carelessness/lack of knowledge.


·        Non-Technical : -

While signing up for an account, we are asked to set a security question, like our nickname, birthplace, etc., so that we can recover our account in case we forget our password. Many innocent people set the correct answer, which they are not supposed to do. Gathering some information about the victim and then guessing the answer to the security question is very simple.
 
·        Technical-


1.   Phishing - The most common way of hacking them is phishing. The common type of phishing is the Fake Login Page. The victim is somehow made to enter his credentials in a fake login page which looks like the genuine login page, and gets hacked. Read more here.


2.   Malicious files - The victim is given a malicious file. It could be bound with or hidden behind a genuine file. It is usually a keylogger or trojan. A keylogger secretly records everything you type and sends it to the attacker. Obviously, it records your passwords too. Read more here.


3.   Stealing Sessions - Talking in simple language, whenever we sign into an account, it generates a unique string. One copy is saved on the server and the other in our browser as a cookie. Both are matched every time we do anything in our account. This string, or login session, is destroyed when we click the 'Sign Out' option. An attacker can steal that session by convincing the victim to run a piece of code in the browser. The attacker can use that stolen session to log into the victim's account without providing any username/password. This attack is very uncommon because when the victim clicks 'Sign out', the session gets destroyed and the attacker also gets signed out. Read more here.
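
The session lifecycle from point 3, seen from the server's side, as an added example that is not code from this blog. The class name, the cookie attributes and the 900-second idle timeout are assumptions chosen for illustration; the timeout goes beyond the text and covers users who never click 'Sign Out'.

```python
import hashlib
import secrets
import time


class SessionStore:
    """Server-side copy of the login session; the browser holds the cookie."""

    def __init__(self, idle_timeout=900):
        self.idle_timeout = idle_timeout   # seconds; assumed policy value
        self._sessions = {}                # sha256(token) -> session record

    @staticmethod
    def _key(token):
        # Store only a hash, so a leaked session table cannot be replayed.
        return hashlib.sha256(token.encode()).hexdigest()

    def sign_in(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable random string
        self._sessions[self._key(token)] = {"user": user, "last_seen": now}
        return token

    @staticmethod
    def cookie_header(token):
        # HttpOnly keeps the cookie out of reach of script run in the page.
        return f"Set-Cookie: session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"

    def user_for(self, token, now=None):
        """Match the presented cookie value against the server copy."""
        now = time.time() if now is None else now
        key = self._key(token)
        record = self._sessions.get(key)
        if record is None:
            return None
        if now - record["last_seen"] > self.idle_timeout:
            del self._sessions[key]        # expire abandoned sessions
            return None
        record["last_seen"] = now
        return record["user"]

    def sign_out(self, token):
        # Destroying the server copy invalidates every copy of the cookie.
        self._sessions.pop(self._key(token), None)


def demo():
    store = SessionStore(idle_timeout=900)
    token = store.sign_in("alice", now=0)
    copied = token                         # a copy of the cookie value
    result = {
        "owner_before_sign_out": store.user_for(token, now=10),
        "copy_before_sign_out": store.user_for(copied, now=20),
    }
    store.sign_out(token)
    result["copy_after_sign_out"] = store.user_for(copied, now=30)
    # A user who never signs out is still covered by the idle timeout.
    idle = store.sign_in("bob", now=0)
    result["idle_session"] = store.user_for(idle, now=901)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```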


Note - You might be thinking that one could sniff the credentials while sitting on the same network. But I should remind you that they would be encrypted, and cracking the SSL encryption is almost impossible.


Conclusion: -

Sign up for an account at gmail/yahoo/facebook/orkut/hotmail. Now forget its password and recovery options. Never log into it. Can the password anyhow be cracked/hacked? The answer is a big NO.

So, this is one more awareness article shared by TRICKS4INDYA, and some of the previous awareness articles are: -

 
The main aim of TRICKS4INDYA in posting awareness articles is to make you aware of cybercriminals/hackers. If you know the tricks written in these articles, then I think you are up to date and have very little chance of becoming a victim of cybercriminals/hackers. As I told you, one of the best methods to protect yourself is “Awareness”.

Kindly share this knowledge with as many people as you can and make them aware of the misconceptions. Feel free to mention your queries/doubts in the comments. Keep Learning.

Note: This is illegal and is for educational purpose only. Any loss/damage happening will not be in any way our responsibility.


If you want to keep up-to-date on the Ethical Hacking Tutorials news, latest Tips & Tricks, latest scams & most important awareness and are a member of Facebook, don't forget to Join the Tricks4indya Facebook page to keep informed about the latest security.


Monday, 16 May 2011

From Where Spammers/Hackers Get Your E-mail IDs

I know many of you regularly receive a special kind of e-mail with advertisements, known as spam, as well as e-mails used for social engineering hacking. You might be asking yourself where a spammer/hacker might have got your e-mail ID from. So here's the answer: the following are some of the methods by which spammers get your email IDs.



·        Social Networking Sites:-

If you are a social network animal, then you might know that sometimes we just add anyone as our friend without even knowing who the person is. The reason: most of us just want to show off that we have a big friend list. But there are some people who are actually building this friend list to get your e-mail IDs. People hardly care about privacy settings and leave their telephone numbers and e-mail IDs open for spammers/hackers to look at. Now, how do they extract your email IDs? All major e-mail clients like gmail and yahoo provide their users with an API (Application Programming Interface) to pull the e-mail IDs of the friend list available on social networking sites. Once all the emails are pulled, the spammer downloads this email list as an Excel sheet, and your e-mail IDs are now ready to get spammed.


·        Online Applications:-

If you have ever used facebook, then you might know that whenever you access any facebook application, it asks for access to all your private data. Once you allow the application access, you give your e-mail to them, and now they can use it for any purpose.


·        Online Games And Contests:-

Many people have a habit of playing online games and contests that appear free and offer a prize. The fact is that many people might be playing those games and only one gets the prize via a lucky draw. How legitimate does that appear? These contests are nothing but a sure-shot trick of companies to grab the personal details of people visiting their sites. How does this pay them? This list helps them prepare job lists of eligible and needy persons, so they don't pay a penny for job recruitment and also get an employee ready to work for minimum pay. Next, they can use this list to spam you with advertisements for their own products, or they may even plan to sell their e-mail list to spammers for a hefty amount.


·        Job/Technology/Career/Game Fairs:-

You might have seen many people standing with some kind of forms at these kinds of fairs, inviting people with a job opportunity, free stuff delivery or a contest, which is actually never the case. Such fairs are good targets, since by spending just a few bucks a contact list with several thousand e-mail IDs and phone numbers is built, and that too without anyone suspecting.


·        Online Forums:-

Hey, don't worry, I don't mean they sell e-mail IDs or that their databases are hackable. On forums, many people unknowingly don't set privacy settings, and they also post their e-mail IDs as they are in a comment or reply. These e-mail IDs can be extracted using software made for extracting e-mail IDs.


·        Web Mail Extractors: -

Web Mail Extractors are software that searches websites for patterns like “@domain.com”, “@domain.net”, “@domain.org”, etc. Once found, they extract the complete email IDs and save them in their database. One such tool is “Web e-mail Miner”. For today, I would advise you to download it and try to find out how it works. Don't worry about how to use it; you just have to enter the name of a site and press Enter and it'll pull emails for you. Try the name of a famous online forum; it is guaranteed to get a list with more than a thousand e-mails.


·        Improperly Configured or Unprotected Servers:-

Usually a company uses two kinds of domains/servers: one valid for all and one valid only for its employees and customers. Sometimes these two are interconnected so that employees can make changes to the public website. The internal server for employees usually contains a lot of information about employees and job recruitment in Excel sheets or PDF files which can be opened in a browser. If they are not configured properly, “Web Mail Extractors” can easily crawl in, revealing thousands of quality e-mail IDs.



Knowingly or unknowingly, we might have made many of the above mistakes, which have left our e-mail IDs open to spammers or hackers. If you want to save yourself from being hacked, then please keep the above points in mind. Feel free to comment on what you think about the above information.




Thursday, 5 May 2011

Bin Laden Video Is a Virus, FBI Warns

The U.S. Federal Bureau of Investigation warned computer users Tuesday that messages claiming to include photos and videos of Osama bin Laden's death actually contain a virus that could steal personal information.
The warning comes as security companies said that they've spotted the first samples of malicious software disguised as photos of the dead Al Qaeda leader.
Security vendor F-Secure said Tuesday that criminals are e-mailing a password-stealing Trojan horse program called Banload to victims, and Symantec said it's seen criminals spamming victims with links to fake "Osama dead" news articles that launch Web-based attacks on visitors.

U.S. authorities do have photos of bin Laden, who was shot in the head during an early morning raid Monday in Pakistan. But these photos have not been released publicly.
Scammers have also used a technique called search engine poisoning to try to trick search engines into listing hacked Web pages that are loaded with malware in their search results. "It's unlikely you'll find pictures or videos of Bin Laden's death online -- but searching for one will certainly take you to sites with malware," wrote F-Secure chief research officer Mikko Hypponen in a blog post.
The FBI warned Internet users to watch out for fake messages on social network sites and to never download software in order to view a video. "Read e-mails you receive carefully. Fraudulent messages often feature misspellings, poor grammar, and non-standard English," the FBI warning stated.
As a major international news event, bin Laden's death has shown the amazing way information can spread online. Many learned of the terrorist leader's death through Twitter, where the story first broke, or Facebook. But it also underscores how the unfiltered media can quickly spread bad information worldwide.
In the three days since the early morning raid, the bin Laden story has generated fake photographs, fake quotes, and plenty of scams.
Security experts said that shady marketers and so-called rogue antivirus vendors have also jumped on the bin Laden bandwagon. The rogue antivirus software bombards victims with pop-up messages telling them they have a computer problem. Its aim: to nag them into paying for bogus software.
Shady marketers are spreading messages on Facebook that try to lure victims into spreading the message to friends and visiting marketing Web sites, by claiming they have a censored video.
If you want to keep up-to-date on the latest scams, and are a member of Facebook, don't forget to join the Tricks4indya Facebook page to keep informed about the latest security news.

Kindly share this knowledge with as many people as you can and make them aware that the Bin Laden video is a virus. Feel free to mention your queries/doubts in the comments. Keep Learning.


If you like it, then please follow my blog and also help to promote it. Don’t forget to leave a comment.


Osama Shoot down video scam spreads on Facebook


Facebook users are being tempted to click on links to what purports to be a video of Osama bin Laden being shot, in the latest in a series of scams exploiting the hot news story of the Al Qaeda leader's death.

The messages appear as follows: -


Watch the Osama Shoot down video

Osama Dead - Censored Video Leaked on.fb.me
Osama is dead, watch this exclusive CNN video which was censored by Obama Administration due to level of violence, a must watch. Leaked by Wikileaks.

Clicking on the link, however, will not instantly show you some sensational footage of US Navy Seals attacking Osama bin Laden's compound in Pakistan.

Instead, you're told you will have to take an online survey.


That should be enough to set your alarm bells ringing - as survey scams are a continuing problem on Facebook, earning scammers commission with every survey they manage to trick users into completing.

What's most interesting about this scam is that they trick you into cutting-and-pasting a line of JavaScript into your web browser's address bar.

Not that you'll realize that you're doing that, of course. As far as you know all you're doing is following a sequence of instructions and keyboard presses before you watch the video.


But any time you paste a script into your browser's address bar, you're effectively running code written by the scammers without the safety net of protection.


Before you know it, you'll be sharing the news of the "Osama Shoot down video" with all of your Facebook friends, and the scam will be spreading virally.

My guess is that you don't want to make it so easy for the scammers to run their scripts on your browser - so don't fall for scams like this.

Be very careful not to be fooled by scams related to Osama bin Laden's death, not just on Facebook but on other parts of the internet too. Such a big news story always seems to attract the interest of fraudsters and malware authors.


Kindly share this knowledge with as many people as you can and make them aware of such Osama bin Laden death video scams. Feel free to mention your queries/doubts in the comments. Keep Learning.



Osama bin Laden death video scam spreads virally on Facebook


A link which claims to point to a video of the death of Osama bin Laden spread virally across Facebook on 2nd May 2011, just hours after the death of the Al Qaeda leader.

The messages, posed as updates on Facebook users' walls, claim to point to banned video footage of Osama bin Laden's death: -


SHOCKING NEW video of OSAMA BIN LADENS DEATH!!
Exclusive BANNED VDEIO footage of Osama Bin Laden being killed!!!


(In the screenshots used throughout this article we have obscured the image as some may find it disturbing).

Clicking on the link takes you to a Facebook page which urges you to like and share the link with your Facebook friends, before you can watch the "shocking" footage: -


However, sharing the link with others just helps spread it further across the social network, and instead of a shocking video you are instead presented with an all-too-familiar survey which you are told you must complete before you can go any further.



The scammers earn money every time a survey is completed, and that's why they want you to share the link with others.

Tricks4indya is advising computer users to watch out for scams related to Osama bin Laden's death, not just on Facebook but on other parts of the internet too. Such a big news story always seems to attract the interest of fraudsters and malware authors.


Beware Of Lottery Email

Hi friends, my previous article was about “Social Engineering – Art of Manipulation”, in which I tried my level best to explain Social Engineering – Art of Manipulation. As I said, Social Engineering is the best and easiest method of hacking.

Today I am going to post one of the best examples of a Social Engineering attack, which you receive daily in your emails.

So, let's start: -


You may daily receive an email from Microsoft lottery, Google lottery, Yahoo lottery, cocacolapromo, Msn/Yahoo Lottery, etc. saying that
Ticket number (2PYUK2010)
Ballot number (UK: 51322010/110

The Coca Cola Company Plc Official End of Year Prize Award Winner Notification.

NEW YEAR BONANZA FROM YOUR FAVORITE DRINK

Dear Guaranteed Award Winner,

We are pleased to inform you of the result of the just concluded annual final draws held on the 4th January, 2011 by Coca-Cola in conjunction with the British American Tobacco Worldwide Promotion, your email was among the 20 Lucky winners who won (£500, 000, 00GBP) each on the COCA COLA COMPANY PROMOTION

However the results were released on the (28th of February 2011) and your email was attached to ticket number (2PYUK2010) and ballot number (UK: 51322010/110) The online draws was conducted by a random selection of email addresses from an exclusive list of 29,031 E-mail addresses of individuals and corporate bodies picked by an advanced automated random computer search from data base of the internet. However, no tickets were sold but all email addresses were assigned to different ticket numbers for representation and privacy. This Lottery is approved by the British Gambling Board and also Licensed by the International Association of Gambling Regulators (IAGR).This is the 3rd of its kind and we intend to sensitize the public.

In ORDER to claim your winning prizes, You are required to fill the form below and send it to the Promotion manager of THE COCA COLA COMPANY for verification and then you will be directed on how to claim your wining amount of (£500, 000, 00GBP) Five Hundred Thousand Great British Pounds.
In the form you have to fill in the following information: -

1. Full Names:............
2. Residential Address:.............
3. Phone & Number Mobile: .........
4. Fax Number:...............
5. Occupation:......
6. Company:.....
7. Sex:........
8. Age:.......
9. Nationality:.......
10.Country:........
11.Marital Status:........
12. Bank Account No. …
13. Bank Name….
14.Ballot No.:........
15.Ticket No.:........
16.Winning E-mail id:…….

So, this is one example, the Coca-Cola promo. Many people who read this type of mail, especially newbies, believe that they have won £500, 000, 00GBP and send their own personal details to the social engineer hacker. That is the trick social engineer hackers use, and you, the victim, would not even realize it, because social engineers exploit the natural tendency of a person to trust their word.
Now, from the above example, the social engineer hacker knows the weakest point of your brain and uses it to gain your personal information without making use of any computer security hole.
For security, you can also visit the Coca-Cola company site below to read “what the company says about this rumor”.

If you have already sent your personal details to the hacker, then there is a 90% chance that your online account is not safe and is being watched/used by the hacker. So change your personal details and password, or close that account as soon as possible and create a new one with a new password and personal details.

If you see any lottery mail with a brand name come into your account, delete it without reading it, and always secure yourself from social engineer hackers.
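
A small filter that looks for the warning signs visible in the lottery e-mail quoted above, as an added example that is not part of the original post. The indicator patterns, the threshold of three and the function names are assumptions made for illustration; the first sample is abridged from the quoted message and the other two are constructed.

```python
import re

# Each indicator corresponds to something the quoted lottery e-mail does.
PATTERNS = {
    "prize_claim": r"\b(?:lottery|award winner|lucky winners?|winning (?:prizes?|amount))\b",
    "unsolicited_draw": r"random selection of e-?mail addresses|no tickets were sold"
                        r"|your e-?mail was (?:among|attached|selected)",
    "ticket_or_ballot_ref": r"\b(?:ticket|ballot) (?:number|no)\b",
    "asks_bank_details": r"\bbank (?:account|name)\b",
}
PERSONAL_FIELDS = r"\b(full names?|residential address|occupation|nationality|marital status)\b"
MONEY = r"[£$€]\s?[\d,. ]*\d"
THRESHOLD = 3  # assumed cut-off: three or more indicators means "treat as scam"

# Abridged from the message quoted in the post.
SCAM_SAMPLE = """Dear Guaranteed Award Winner,
your email was among the 20 Lucky winners who won (£500, 000, 00GBP) each.
Your email was attached to ticket number (2PYUK2010) and ballot number
(UK: 51322010/110). However, no tickets were sold.
In ORDER to claim your winning prizes, You are required to fill the form below:
1. Full Names: 2. Residential Address: 5. Occupation: 9. Nationality:
12. Bank Account No. 13. Bank Name"""

# Constructed benign samples for contrast.
NEWS_SAMPLE = "The national lottery results are published every Saturday evening."
INVOICE_SAMPLE = "Your invoice is attached. Total due: £12.50. Reply if your delivery address has changed."


def indicators(text):
    """Return the names of the scam indicators found in an e-mail body."""
    hits = [name for name, pat in PATTERNS.items() if re.search(pat, text, re.I)]
    # A currency amount written with six or more digits.
    if any(sum(c.isdigit() for c in m.group()) >= 6 for m in re.finditer(MONEY, text)):
        hits.append("large_cash_sum")
    # A form asking for at least three different personal details.
    fields = {m.group(1).lower() for m in re.finditer(PERSONAL_FIELDS, text, re.I)}
    if len(fields) >= 3:
        hits.append("personal_details_form")
    return hits


def looks_like_lottery_scam(text):
    return len(indicators(text)) >= THRESHOLD


if __name__ == "__main__":
    for label, body in (("scam", SCAM_SAMPLE), ("news", NEWS_SAMPLE), ("invoice", INVOICE_SAMPLE)):
        print(label, looks_like_lottery_scam(body), indicators(body))
```

A single indicator, such as the word "lottery" in a news item, stays below the threshold, so ordinary mail is not flagged.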





Kindly share this knowledge with as many people as you can and make them aware of such fake emails. Feel free to mention your queries/doubts in the comments. Keep Learning.


