The most depressing thing about email accounts
is that they are so unprotected. People tend to use
easy passwords and lame security questions. They
tell themselves, "hey, if anyone does get in, big deal."
Big deal? Actually yes, it's a very big deal.
about it. How many other accounts do you have linked to
your email? Practically every site requires an external
email to make an account. The problem lies mainly in the
"forgot password?" button on most sites. many of them
just ask some simple piece of info when clicked on, while
most depend on sending you your password through your
external email account.
So doesn't it make sense, if you
were trying to access someone else's internet accounts,
that they best place to get access to is their email?
The rest will just fall into place.
Of course, search engines make this as easy as it is.
Let's look at an example. let's say you wanted to get
access to your friends myspace account. First we'll need
to find out what email account they use to access their
myspace look at their
myspace. what screennames do they use? maybe their account
is www.myspace.com/aguywholikesgettinghacked. Well,
google that name, and variants of it, see what you find.
Maybe you'll find some account for an MMORPG site that
uses the same name, and it has an email displayed. let's
say the email is email@example.com.
Now you could go to myspace and "search by email." if it
comes up with your friends page, then congrats, you've
now found out what email account he uses to log in.
Now is when the email's lame security comes into play.
If you click on the "forgot password" tab of yahoo.com,
there are two ways to get it back. first, is to find out
what external email they use for yahoo (repeat first steps)
then access that email. Second, enter info and get it reset.
This is the easiest.
Most of people's information is on the internet, somwhere.
The trick is to find the info you need. Birthdate is quite
easy, especailly if looking at their myspace, xanga, etc.
zip codes are easier. if you know what town or city they live in, you can google that town for its zip codes, and enter them one by one till you find the one they're under. Security questions are the toughest part, and yet, still not that difficult.
If it's their mother's maiden name for example, there are plenty of ways to get this information. For most of what I've seen, birth records are usually somewhere in google. If the person was born before theyre parents were married, you will find her maiden name there. If not an easy fix, you will be required to do some digging. it may be a while before you discover this info. But alas, if this
is someone you know, or are in the same town with, social engineering and just asking questions can get you the information you need. Easier questions, like their pet's name, is usually in a blog somewhere or something you could get out of someone they know. the greatest tool in information gathering is social engineering.
(Side note: the worst email security i've seen was in hacking a .com . WHOISing the site, i found the hosting site and login email used for this site. as I went to the email account, I tried simple passwords first. Oh. My. God. the password was, you guessed it, "password." then i preceeded to deface the site as a joke on my friend, the owner
of the site, who to this day still doesn't know how i did it.)
Once having access to the email, go back to myspace.com and click "forgot password" and it will sent their pass to their email, and once you have it, memorize it and delete the email.
While having access, don't be shy to look at other emails. Not personal, of course, but emails from other .coms. perhaps they recieved an email from dell.com. why not try the same tactics to get their password to dell?
All of this can be dangerous if you reset the password, cause they'll know something was wrong. Never hack two accounts in one day, always wait, so that they think one had nothing to do with the other.
I've hacked countless of accounts this way, it's proven to be a great tool in my hacking career. The hardest part is learning how to find information, but its a skill that can be mastered. Having read all of this, I hope you've learned the dangers in email, and at least try to prevent easy access to your email accounts. For example,change your
security questions to things even your closest friends couldn't know.
Cast your vote on this article 10 - Highest, 1 - Lowest