In terms of modern ways of email hacking, there are unfortunately several possibilities you need to be aware of. If you are a security enthusiast, It can actually be pretty encouraging for you to know that there are so many different ways to work with. If you have read my earlier post on how email hacking works, you will have a clear picture of how ignorance of hacking methods can compromise your account.
When it comes to modern hacking strategies, there are a number of different things you can consider. However, the actual methods of hacking email (phishing, keylogging, etc) remain same as discussed in the previous post and to be able to actually carry out those methods, A Hacker may use other social engineering tactics or ways and we are discussing those in this post.
An email account is the gateway into your personal life which, unfortunately, means it’s also a valuable target for hackers to hack into your personal life. As they say, The biggest computer hacks of all time started with compromised email account.
Malware in general seems like something that is getting smarter all the time. When you break down the modern ways of hacking, you’re going to find that many of them come down to insidious, clever methods for getting malware into systems. Email hacking is one possibility, to be sure, but it’s not the only option available to you by a long shot.
Each year, Security researchers come across new techniques used by hackers that raise eyebrows. However they all revolve around old social engineering techniques. Here are some of the modern attacks, a hacker may use to collect your information and personal details to hack into your system or email.
Setting-up Fake wireless access points (Free WiFi)
This is one that can trip up even the smartest users. Creating a fake WAP or free WiFi is entirely too easy for anyone in this day and age. And who doesn’t crave for free WiFi?, We all use these free access points all the time whenever we get one, but we should really try to be more careful.
Once we are connected to such a point, it’s pretty easy for hackers to swoop in and take what they like over HTTP. The idea for the hacker is to set up an access point that sounds legitimate. People connect, and all of that unprotected data is there for the taking.
You would say most websites you use are encrypted (HTTPS enabled), so no way hackers can intercept the data you are sending in and receiving. Yes true, But hackers are always one step ahead.
Along with monitoring your HTTP traffic, The more devious hacker will ask their victims to create a new access account to use their ‘Free WiFi‘. Most users will likely use a common username or one of their email addresses, along with a common password they used elsewhere.
The “Free WiFi” hacker can then try using the victims credentials on popular email providers like Gmail or Yahoo-mail and get control of his/her email account and the victim will never know how it happened.
This doesn’t stop here, the hacker can even push malware into your system while you are creating an account for using free WiFi, getting your whole computer or phone compromised or steal your session cookie to access you authorized account session.
Bait and switch Hacking – used for phishing & malware spread
This is the hottest ongoing techniques used by hackers to install malware on to your system or carry out phishing attack to hack into your email account.
Ever noticed while you are at any download page especially when downloading pirated movies or songs, along with the legit download button you will find couple of more download buttons on the same page or sometimes you will be presented with popups claiming fake system errors on your computer. These are actually advertisements or in this case a bait-and switch attack carried out by hackers.
You think you are downloading/running safe, and then suddenly, this is no longer the case. Following the link to download something you want, you will begin by downloading random software’s.
This complicates quick detection and take-down of the Advertisement since the hacker first baits for legit advertisement and then switches it with malicious code without the download website’s consent and notice.
The waterhole attack – Hacking company email accounts
As the name implies, this is the practice of poisoning a physical or virtual location that a lot of people utilize, usually people from same organization or group. The benefits of doing so are enormous to hackers. A good example of this would be a coffee shop or a restaurant that a lot of employees from a particular Company hang out. A fake WAP or “Free WiFi” can be created to grab personal information from these employees and gain access to the network at the target’s place.
Usually Email service or client used by companies are all unencrypted i.e all employees access their email accounts over normal HTTP connection unlike popular email services like Gmail who use encrypted HTTPS protocol, leaving all the web traffic easily intercept-able and easy email hacking.
Companies like Facebook and Apple have been hit by these types of attacks in the past. Essentially, any popular meeting place is going to prove to be a potential target for a hacker.
Never trust public WiFi Access points and if at all you have to use it, then make sure you are accessing only HTTPS version of the website or use any VPN service which protects all your communications.
Never recycle your passwords. Always use different password for different websites, essentially Passphrase instead of password.