How to protect email account getting hacked!

"My Email account is hacked" or " Some hacker has hacked my email account", did these quotes sound familiar to you Guys, if not then soon gonna be if you are not aware of latest techniques used by hackers to hack into your email accounts. After reading such comments there are two things that always come to my mind, either hacking email account is to easy for hackers or protecting email account for getting hacked is too difficult. And after thinking about both above points, i starts laughing because both are true for Hackers and both are false for unaware users.

Note: If a Hacker wants to hack you Email or system, he will hack it. The only thing you can do is, just make it harder for him to do it.

Friends, after spending my precious 5 years in field of Hacking and Cyber security, i reached a very simple conclusion. Email accounts can only be hacked by means of Social Engineering technique, and whoever says that he can hack email account using some other technique then friends he is a liar.

Now what all topics are covered in Social Engineering Technique:

1. Phishing or fake page login technique.

2. Spreading Keyloggers in form of cracks, keygens, or hack tools(RAT's , keyloggers, etc).

3. Shouldering passwords.

4. Guessing Weak Passwords.

5. Compromising Accounts with Friends or team mates

6. Using Accounts from Cyber cafe's or other insecure places like friends PC or college PC's.

So friends let's start from one by one, how you all can protect yourself from hackers.

1. Phishing or Fake Pages Login Technique

In this technique, what hacker does is that, he makes a local(fake) copy of original website which looks absolutely similar to original one and attaches his PHP action scripts to record the passwords and then uploads that local copy to some free web hosting server. After uploading, he shares the links with friends or victims by three different ways:

a. By Sending Emails : Emails can be spoofed and looks like they are coming from genuine sources like Gmail Support or Yahoo Support etc or Simply from your most trusted friends.

Now which type of emails you should not open:

1. Emails asking for account verification:  These emails ask for you email account username or passwords to verify your details.
2. Emails showing Prize Money or lotteries: Nowadays, we all receive a lot of email messages like "You have Won Prize Money or Lottery of so and so amount. These emails usually ask your name, age occupation, mobile number, sometimes credit card details. And when you provide all these information they ask you to verify your Mobile number. They usually say you will receive one unique verification code on your mobile and ask you to enter that verification code in some unknown website.  Note: This is mobile phone verification  loophole of all Email services. They all sent verification in below format: " Your Google Verification Code is 123456 or Your Yahoo verification code is 123456 or Your Hotmail verification code is 123456". Means these services doesn't mention that "your Gmail or Yahoo or Hotmail password reset code is 123456" so user is easily get fooled by such offers and become the prey to hackers.
3. Emails from unsolicited or unknown sources: Never open the emails which comes from unknown sources.
4. Never access any social networking website link from your email as it can be a Phish Page link.

Some useful and handy guidelines to identify Phish Pages:

1. Always check the URL in the address bar ( both source and destination). Never login in the URL which has website URL other than the original one.

2. Most important: Always use web security toolbar(avg,avira or crawler etc), most of them are available for free. They will detect the fake pages and warn you from opening them.

b. Using Chat services

Never open the links that are being posted in chat rooms, there are lots of Ajax and java scripts available in market that can retrieve all your stored passwords from your web browser.

c. Sharing Content on some website and that website is asking for registration with is followed by email verification. Hackers share their links on famous forums or torrents, when user open these link either of the above two things happen or a key logger or RAT is attached with them that will record you email address and password and send the information to hackers email account or FTP mail.

2. Spreading Keyloggers in form of cracks, keygens, or hack tools(RAT's , keyloggers, etc).

This is the most used hacking technique used by almost every hacker to hack the users email accounts. In this technique, hackers attach their keylogger or RAT servers with the crack or keygen or patch or hack tools and whenever user executes that it got installed automatically. 

In this case hackers use the below loophole: Whenever you open a keygen or patch or crack or hack tool, your antivirus shows you are warning message but users always ignore these as hackers or cracks provider has already instructed the users that turn off the antivirus before running patch or keygen.

So friends 4 things to note here:

a. Never use cracked or patched software's as they already contains Trojan's which are controlled on basis of timestamp. 

Solution: Look for any freeware providing the same features. If you request i will give you the list for freeware alternatives for all paid software's.

b. Never turn off your antiviruses or anti-spywares or web security toolbar.

c. Regularly update your antivirus and anti spyware programs.

d. If you wanna try any hacking software or hack tool, then always use sandbox browser or use Deep Freeze. 

3. Shouldering passwords

Seeing or watching the user, while he/she is typing his password is called shouldering. Most of time we types our passwords in front of our friends or colleagues. Nowadays what usually friends or classmates do is that, they stand in back of you and keep a eye on you while you are typing passwords. This technique is also used at ATM machines, thieves or malicious people watch people while they were entering the ATM pin and then misuse that online.

Solution: Always take care that nobody is watching you while you are typing passwords. If not possible to do so try to avoid logging into your accounts when your friends are near you.

Note: Never store passwords in your web browsers. Otherwise, friends like me ask you to bring water for me and when you go out, i will see you all saved passwords :P..

4. Guessing Weak Passwords

Its not a new thing, i have told people more than hundreds of time not to use weak or very common passwords but they will never learn. Few basic passwords that unaware or novice IT people use:

a. 6 to 8 consecutive character on the keyboard or alphabets like qwerty, 1234567, abcdefgh etc.

b. Atleast 30% of people keep their current or previous mobile numbers as their passwords.

c. More than 10% keep their girlfriend name or her mobile number as password.

d. But nowadays password policy are quite good, so novice people also became smart as most of websites ask atleast one Capital letter, one number and one special character in password. Now friends, guess what will be their passwords:

1. Suppose its december then their password will be like: Dec@2011 or Dec123! or Dec2011@.

2. How can they forget keyboards consequite keys like qwert123!, qwerty123$, abc123! etc.

3. Offcourse, none can forget his girlfriend name : girlfrindfirstname123! or more smart people GFNAME1!.

Hahaha.... thats really foolish.

Some tips for strong passwords:

1. Always keep your password atleast 8 chars long.

2. Use special characters and number and small n upper case combination in your password.

3. Verify your mobile numbers if available.

4. Keep changing your passwords at-least once a month.

5. Compromising Accounts with Friends or team mates

Its one of the most common problem with team mates and friends. "Today i am not coming to office or college, please use my login ID and password and forward the details or some files" or "Your friend went to your home and suppose you are away from your house, now what you will do, hey use my username and password and take your files or documents". What the hell is this? You call yourself professional, and every time you yourself violating the password and account policy norms.

Never share your account information with anyone. People like me are very dangerous, if you share your pass with me then you are done :P..

Solution: Never tell your account information to anyone. If its urgent, you can share it but you need to change your details as soon as possible.

6. Using Accounts from Cyber cafe's or other insecure places like friends PC or college PC's. 

Most of cyber cafe's or college computers have keyloggers or rats installed on them. Whenever you login into your account through cybercafe, none can give you assurance that your account is safe or hacked. So always play it safe. If you login into your account through cyber cafe's, always change them as soon as possible. 

Now friends, if you follow all the above steps told by me, then your account can never be hacked and for sure you will never get a chance to say "My EMail account is hacked" or "Someone has hacked my email".

So play safe to live n enjoy safe. That's all for today, hope you all have enjoyed my tutorial on how to protect your email account from getting hacked.

If you have any queries ask me in form of comments. 

Read More

5 Ways to Check if you are Hacked

NOTE:- Before doing these steps, close all the downloads and web pages. Make sure on torrent ofwindow update install is going on but stay connected to internet.

1) The first method is very simple for all the people using an ADSL router. After all the internet downloads are closed, just check the status of Ethernet light. It should not blink at a very fast rate. It shows that packets are being transferred in and out of your computer.
But as there is no active download or internet activity so no packets should transfer. If so… you might be hacked

2) goto run and type cmd. The command prompt will open. In the command prompt type

netstat -a

This shows the list of active internet connections, check if any unnecessary internet connection is ESTABLISHED. If so, you might be hacked

if you type just netstat, you will get the list of all the netstat commands, you may try the other commands as well.

3) You notice any abnormal activity in your computer, like your computer hangs for a couple of seconds every time you switch it on or in between your tasks (if it occurs often), there is a chance that you are hacked. Often keyloggers and trojans are configured to deliver all the log information to the destinationip address/ ftp address after reqular interval of time. And when this information is being sent, the browser hangs for some time.

4) Use softwares like TCP view, it gives the list of all the connections made through TCP. This software is capable of detecting almost all the trojan/malicious connections.

5) Keep the antivirus updated and install an external firewall like comodo. If your antivirus is not updated regularly, it is as good as nothing. If you don’t update your antivirus reqularly and often exchange data from other computers and download a lot of files. There is a great possibility that you are hacked.

Beware!! Stay updated, stay Protected.

I am sure this was something new for most of you out here..;-)

Read More

Top 7 Ways to Avoid Cyber Attacks

Viruses and identity theft are not new issues, but recently, individuals and companies are at a much greater risk as a result of the unanticipated increase in internet and technology use. Follow these tips to protect yourself from such an attack so that you won’t be the next victim. 

Foe example, you receive an email promising a great joke if you open the attachment. You're not sure who sent it but you feel like a laugh and open it anyway. Big mistake. 
Attackers can break into your computer by sending you an email attachment with malware (malicious software) or downloading malware on to your computer when you open a link on a webpage. 
They want to use personal and financial details on your computer to steal money, buy things on your credit card or open up bank accounts in your name. 

Anyone who uses the internet needs to be aware of basic computer security: 

1. Don't click the link 

If you don't know who sent the email, or if it's not a trusted website, then don't click the link. 

Beware: there is always an increase in email phishing scams around Christmas, whereby scammers have a fake retail store website and capture your credit card details when you buy online. 

2. Install Antivirus software 

Always have up-to-date antivirus protection and get regular updates, Don't press 'do it later' and update six weeks later. 

3. Use strong passwords 

Most of the population is still using '1234567' or their first name and last name, 

The problem is that there are about 20 different things that require passwords. The strategy now is to write them down it is a complete U-turn and put them in your wallet [which is usually in a safe place]. If you lose your wallet, you stop your credit cards and can also reset all your online passwords. 

* Never click 'remember my password'. 

* Use capitals, lower case, numbers and symbols in passwords. Don't use words in the dictionary. 

* Change passwords regularly. 

* Password software is good at generating strong passwords but the human brain is the best tool of all. 

4. Keep software up to date 

This will ensure your software has the latest security upgrades. Attackers are always thinking up new ways to penetrate security. Don't ignore update notifications. 

5. Reconfigure wireless routers 

Buy a router with secure wireless encryption, otherwise your information is unprotected and can be stolen: for example, when banking or shopping online. 

When you get a new modem from a network provider, it may not be secured to encrypt traffic. People should go to the administration panel and configure their wireless network to WPA (Wi-Fi Protected Access) or WPA2 encryption. 

Reconfiguring routers is easy and something people don't do properly. 

Change the name of the router to something obscure, otherwise it gives attackers information on how best to attack that router. Also, change the default login to a unique password. 

6. Encrypt email 

Learn to use email encryption for sensitive documents. 

Don't send emails such as a child's health resume using Gmail or Hotmail. "There was [the recent case] where a Gmail employee started going through people's email accounts." 

7. Use a secure web browser 

Firefox or Opera are secure web browsers 

"Internet Explorer is highly targeted by attackers because it is on so many machines. IE generally takes longer to patch or fix vulnerabilities." 

Eliminating internet and computer use from your life is impossible, so be sure to practice safe computing habits to protect yourself from cyber attacks. 

Read More