Hacking Facebook – Orkut – Gmail – Yahoo account | The Reality

Hii Friends, today I am going to share most important article for the beginners who have just started exploring hacking and for people who aren't interested in learning hacking but needs somebody's account password anyhow. I want you to aware about common misconceptions in regarding Email/Social Networking Sites about online accounts hacking.

Otherwise those thoughts/misconceptions/articles/Blogs can seriously put you in trouble. We usually start like googling this, "how to hack gmail", "softwares for hacking orkut", "how to hack facebook"… etc  but unfortunately reach some malicious websites, follow stupid instructions and our own accounts get hacked.

When I was a beginner, my rediffmail account gets hacked because of lack of awareness or knowledge.

Okay talking in general, suppose you just have signed up for an account (gmail, yahoo or any other reputed website). Your password is stored only at two places: -

·        In website's database

·        In your mind
(Don’t say a stupid thing that it is also saved in a text file on your PC or in your girlfriend's mind etc)

Stealing your credentials (Id/password) from website's database is almost impossible. Company like Microsoft, Google, Yahoo, Facebook…ect are paying millions of dollars for securing their systems. Hard Core hackers might get success.

Now talking about your mind, it might be really very simple to do this with the help of Social Engineering.

Shocked?

At this point, I must say that hacking an email account depends strongly on carelessness/foolishness of victim.


FAQs or misconceptions regarding the following points:-

·        Does any free/paid software/program/cracker exist to hack such accounts?

No ...You might get numberless free or premium software’s which claim to crack email accounts. The software’s just ask you to enter victim's email and start cracking/generating password.

I have already told you about two places where one's password is. From where the hell, these softwares would bring passwords for you? This kind of stuff is undoubtedly scam/rubbish.

·        Is there any free/premium online service to hack such accounts?

No... You might have logged on to many websites that claim to crack any email account for some amount of money. They are completely fraud and be aware of them. Don’t lose your money there!!

·        Another type of fraud: -

You might have come across many tutorials/videos that instruct you to compose an email to something@something.com. You are asked to write victim's email ID, your email ID, your password and are assured that you would get requested password within 24 hours.

Needless to say, it is an idea of befooling innocent people. Of course, your own account gets hacked.

Believe me, you can’t imagine the number of people who become victim of such rubbish things. They lose their money, time, accounts but get nothing in return. So take care.

The above all points are examples of one type of Hacking known as “Social Engineering - Art of Manipulation”

How to hack these accounts?

Every method directly/indirectly involves victim's carelessness/lack of knowledge.

·        Non-Technical : -

While signing up for an account, we are asked to set a security question like our nickname, birthday place etc so that we could recover our account in case we forget our password. Many innocent people sets the correct answer which they are not supposed to do. Gather some information about victim and try to guess the answer of security question is very simple.
 

·        Technical-

1.   Phishing - The most common way of hacking them is phishing. The common type of phishing is Fake Login Page. The victim is anyhow anyway made to enter his credentials in fake login page which looks like genuine login page and gets hacked. Read More here.

2.   Malicious files - The victim is given a malicious file. It could be binded with or hidden behind a genuine file. It is usually a keylogger or trojan. A keylogger secretly records everything you type and sends to attacker. Obviously records your passwords too. Read more here.

3.   Stealing Sessions - Talking in simple language, whenever we sign into an account it generates a unique piece of string. One copy is saved on server and other in our browser as cookie. Both are matched every time we do anything in our account. This piece of string or login session is destroyed when we click on 'Sign Out' option. An attacker can steal that session by convincing victim to run a piece of code in browser. Attacker can use that stolen session to login into victim's account without providing any username/password. This attack is very uncommon because when the victim clicks 'Sign out', session gets destroyed and attacker too also gets signed out. Read more here.

Note-You might be thinking that one could sniff the credentials sitting in same network. But I should remind you that, they would be encrypted ones and cracking the SSL encryption is almost impossible.

Conclusion: -

Sign up for an account at gmail/yahoo/facebook/orkut/hotmail. Now forget its password and recovery options. Never login into it. Can anyhow the password be cracked/hacked.?? Answer is big NO.

So, this is one more awareness article share by TRICKS4INDYA & some of the previous awareness articles are: -

• How To Protect Your Home Computer from Cybercriminals
• How to Protect Your Email Id & Facebook From Hackers
• How To Create Strong Password?
• Secure Yourself at Cyber Café
• Passwords Are Like Underwear :- {Security Tips}
• How to Check if your Gmail Account Has Been Hacked or Not??
• Enable Facebook Login Approvals : Login With a Code Sent to Your Phone

 

Main aim of TRICKS4INDYA to post awareness article is to make aware you from cybercriminals / Hackers. If you know above tricks written in these articles then I think you are update & very less chance to become victim of cybercriminals / Hacker. As I told you one of the best methods to protect yourself is “Awareness”.

Kindly Share this knowledge with as many people as you can and aware them about the misconceptions.Feel free to mention your queries/doubts in comments. Keep Learning. 

Note: This is illegal and is for educational purpose only. Any loss/damage happening will not be in any way our responsibility.

If you want to keep up-to-date on the Ethical Hacking Tutorials news, latest Tips & Tricks, latest scams & most important awareness and are a member of Facebook, don't forget to Join the Tricks4indya Facebook page to keep informed about the latest security.

Read More

From Where Spammers/Hackers Get You E-mail Ids

I know many of you always receive a special kind e-mail with advertisements known as spam & for social engineering hacking emails. You might be asking yourself from where a spammer/hacker might have got your e-mail ID. So here's the answer, following are some of the methods via which spammers gets your email ids.

·        Social Networking Sites:-

If you are a social network animal then you might know that sometimes we just add anyone as our friend without even knowing who the person is. Reason, most of us just want to show off that we have a big friend list. But there are some people who are actually preparing this friend list to get your e-mail ids. People hardly care about privacy settings and leave their telephone numbers and e-mail ids open for spammers/hackers to have a look on. Now how they extract your email ids, all major e-mail clients like gmail and yahoo provide their users with API(Application Programming Interface) to pull e-mail ids of friend list available on social networking sites. Once all emails are pulled spammer download this email list as excel sheet and your e-mail ids are now ready to get spammed.

·        Online Applications:-

If you have ever used facebook then you might be knowing whenever you access any facebook application it asks for access to all your private data, once you allow application access you give your e-mail to them, now they can use it for any purpose.

·        Online Games And Contests:-

Many people have habit of playing games online and contests that appears free with prize. The fact is that many people might be playing those games and only one gets prize via lucky draw. How much legitimate that appears. These contests are nothing but sure shot funds of companies to grab personal details of people visiting their sites. How this pays them, this list helps them prepare job lists for eligible and needy persons thus they don't pay a penny for job recruitment and also gets an employee ready to work on minimum payments. Next they can use this list to spam you with advertisement of their own products or they may even plan to sell their e-mail list to spammers for hefty amount.

·        Job/Technology/Career/Game Fairs:-

You might have seen many people standing with some kind of forms in these kinds of fairs to invite people with job opportunity, free stuff delivery or contest, which actually never is the case. Such fairs are good targets since by spending just few bucks a contact list with several thousand e-mail IDS and phone numbers is built that too without anyone suspecting.

·        Online Forums:-

Hey don't worry I don't mean they sell e-mail ids or their database are hackable. While on forums many people unknowingly don't set privacy settings, also they post their e-mail ids as it is as comment or reply. These e-mail ids can be extracted using software used for extracting e-mail ids.

·        Web Mail Extractors: -

Web Mail Extractors are software that search websites for patterns like this “@domain.com/@domain.net, @domain.org etc”. Once found they extract complete email ids and save them in their database. One such tool is “Web e-mail Miner”. For today I would advise you to download it and try to find out how it works. Don't worry about how to use it, you just have to enter name of site and press enter and it'll pull email for you. Try a name of famous online forum, guaranteed to get a list with more than thousand e-mails.

·        Improperly Configured or Unprotected Servers:-

Usually company uses two kinds of domains/servers one valid of all and one valid only for their employees and customers. Sometimes these two are interconnected with each other for employees to make changes to website that is public. The internal server for employees usually contains lot of information about their employees and job recruitment in excel sheets or PDF files which can be opened using browser. If they are not configured properly “Web Mail Extractors” can easily crawl in revealing thousands of quality e-mail ids.

Knowingly or unknowingly we might have made many of above mistakes which have lead our e-mail ids open to spammers or hackers. If you want to save yourself to begin hacked than please keep above points in your mind. Feel free to comment about what you think about above information.

Note: This is illegal and is for educational purpose only. Any loss/damage happening will not be in any way our responsibility.

If you want to keep up-to-date on the Ethical Hacking Tutorials news, latest Tips & Tricks, latest scams & most important awareness and are a member of Facebook, don't forget to Join the Tricks4indya Facebook pageto keep informed about the latest security.

Read More