We have almost stopped writing paper letters, those on crispy brand-new sheets. The lion’s share of the correspondence is now sent via Emails. And often it is not even personal correspondence. For personal purposes, we have different messengers and can have an interactive dialogue. Usually, Emails are used for sending business letters, which contain sensitive information. Thus, the Email data protection is extremely important.
How to hack Email
- By the phone number. If your phone number is connected to your Email account, and a hacker knows it, the following scheme can be used. Hacker contacts the mail service to reset the password and specifies the real user’s phone. The mail service sends a code to this phone number to confirm the password changing. The hacker, in his turn, sends the SMS as if on behalf of the mail service, requesting to specify this code. If the account owner does not notice the difference in the address of the two SMS senders, the hacker will get a one-time password and use it for his own purposes.
- Using the Trojan Virus. One of the most convenient ways to hack Email is to install a Trojan virus on a victim’s computer. The malware is usually sent in the form of the link in the Email. The only difficulty is to convince a user to follow this link. Since only the most naive people now fall for the freebies, which were so popular previously, the cyber hackers had to change their attack style. Now, the virus-infected Email may look like a letter from the bank or internet provider: with seals, logos, and an offer to download a file with new rules or to install a client-bank software system. Trojans are constantly being improved. Unfortunately, antivirus software cannot detect all of them.
- By getting physical access to the victim’s computer. Having an opportunity to stay alone with the victim’s computer at least for a short time, the hacker can install a key logger or a password recovery program. In the first case, a special key logger hardware or software will record everything the user is typing (including passwords), and then the logs are emailed to the hacker’s address. With the help of the password recovery tools (which generally are not detected with antiviruses), the ready-made data can be received immediately. There is a simpler version of how to hack an e-mail, even without special programs. Just copy the Cookies catalog and analyze it with the passwords search tool. However, this can only work if passwords are stored in the browser. And this is what the vast majority of users exactly do.
- Using social engineering. Hacking of the CIA director Brennan’s Email account has become one of the most clamorous recent scandals. It is surprising that an Email of the Head of the Intelligence Agency was hacked by a teenager who hadn’t deep technical knowledge. The young hacker contacted the mobile operator, introduced himself as a technical support employee and found out all Brennen’s personal information he needed. Then he called his Email service customer support on behalf of the account owner and asked for the password recovery. Since the necessary information (account number, phone number, PIN-code, etc.) had been already received during the previous call, the request did not cause any suspicion. This case is a vivid example of how to hack the Email knowing the basic victim’s account information. Learn more about social engineering here.
- Using phishing. It is used quite often – and not just to hack Email but in many other cases. A hacker creates a fake login page similar to the service the password to which he wants to get. The user receives an Email as if on behalf of the administration of this Email service. For example, that the mailbox will be locked, and to avoid it, you need to confirm the password. You can learn more about phishing here.
- Getting to know your mother’s maiden name. Most Email services use secret questions for password recovery. For example, your mother’s maiden name, your favorite brand of car or your favorite author. If the attacker has some information about the user whose Email is supposed to be hacked, he can try to use it to recover the forgotten password. It should be added that nowadays the search for information belonging to complete strangers is not a problem for the hackers. Users share their tastes and preferences themselves in social networks, mentioning their pet nicknames, names of favorite writers and musicians without thinking that these data may be used as a secret answer.
- Using brute force. The special program can find a matching password by moving different variants. However, the services usually block the mailbox after several unsuccessful attempts. Thus, brute force is considered the most inefficient and dependent on the accidental luck. Learn more about brute force attack here.
- Going to an expert. Can you hack Email without proper skills? It turns out to be possible. The Internet is full of special agencies that allow hiring a professional for this purpose.
How to prevent the Email hacking
There are many ways of hacking and only two basic tips to avoid this, but each of them is very important.
- Two-factor authentication. Two-factor authentication can fight off almost any hacker’s attack. You can use different means of user authentication, but OTP token is especially effective. The latter doesn’t depend on the Internet connection, it is additionally protected by the PIN-code and the data signing function – Confirm What You See (CWYS). Protectimus OTP tokens with CWYS function use some important parameters, for example, user’s IP-address, for the one-time password generation.
- Vigilance. Always pay attention to the Email addresses from which you receive the messages, and don’t follow unconfirmed links. Never post your phone number on a public network, use different passwords for each account.
We all know these little rules and they may seem inefficient at the backdrop of the hackers’ tricks. But they are not. They may weigh the scales on the user’s side and, at least, obstruct the hacker’s activities.