Wednesday, August 19, 2009

E-mail Hacking

It is our aim to generate Information Security awareness among students so that they can participate in and build a secure and reliable internet community. Our sincere request to all students is that they do not use any of our suggestions or tips for a wrong or unethical purpose. All the best!!!

Mr. Patjoshi (name changed) is an eminent Professor in the field of Physics. He teaches at a well-known Govt. University. He is a frequent flier; he travels across the nation as well as abroad to attend various National & International Seminars. He is also respected and well connected in the corporate sector in the country.

In January 2008 an email arrived from Mr. Patjoshi's account: he was in Nigeria to attend an International Conference and had lost his handbag, which contained his passport, money and very important papers, so he was virtually left without money. Under these circumstances he had written to one of his close friends, Mr. Dey, Managing Director of ABC Ltd. back in Kolkata, and requested him to send some money urgently. Mr. Dey, on receiving the email, requested one of his colleagues, Mr. Som (who was in South Africa during this period), to enquire and help Mr. Patjoshi. Mr. Som sent an email (cc to Mr. Dey) to Mr. Patjoshi and asked him for a Name & Address so that he could MoneyGram the requested money. "Mr. Patjoshi" replied asking for the money to be sent in the name of George Pent, Manager, XYZ Hotel, Nigeria. The same evening Mr. Som sent Rs. 2500/- US$ through MoneyGram to the address mentioned in the email.

A week later Mr. Dey met Mr. Patjoshi at a Rotary Club meeting in Kolkata and asked him about his trip to Nigeria. Mr. Dey was in complete shock when he was told that Mr. Patjoshi had been in Kolkata the previous week and had never visited Nigeria in his life. Mr. Patjoshi then informed Mr. Dey that the email account in question had had a problem: for the last 10 days he had not been able to log in to it, some password problem, and even the forgot-password option was not working.

After investigation it was found that all the emails received by Mr. Dey and Mr. Som originated from IP addresses belonging to Nigeria. (In general this is established from the Received headers that each mail server adds to a message on its way to the recipient, and from the registry records for the address blocks concerned.)
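The tracing step above is the one an investigator repeats on every suspicious message: walk the Received headers from the bottom (closest to the sender) to the top (added by your own server) and pull out the connecting IP at each hop. The following is an added example, not code from the original post or from the investigation it describes. The message text, the host names and the addresses (documentation ranges) are constructed for the example, and the "expected networks" list stands in for whatever an investigator would consider normal for the account holder; the geolocation / WHOIS lookup that actually ties an address to Nigeria is not performed here.

```python
import email
import ipaddress
import re
from email import policy
from typing import Iterable, List, Optional, Tuple

# Constructed sample message (not a real capture). Each relay prepends its own
# Received header, so the topmost one was added by the recipient's server and
# the bottom one is the hop closest to the sender. All addresses are from the
# documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
RAW_MESSAGE = b"""Received: from mail.example.net (mail.example.net [203.0.113.10])
\tby mx.abc-ltd.example with ESMTP id 1A2B3C
\tfor <dey@abc-ltd.example>; Mon, 14 Jan 2008 09:12:01 +0530
Received: from webmail.example.net (webmail.example.net [203.0.113.25])
\tby mail.example.net with ESMTP id 4D5E6F; Mon, 14 Jan 2008 03:41:55 +0000
Received: from [198.51.100.77] (unknown [198.51.100.77])
\tby webmail.example.net with HTTP; Mon, 14 Jan 2008 03:41:50 +0000
From: Patjoshi <patjoshi@example.net>
To: dey@abc-ltd.example
Subject: Urgent help needed
Date: Mon, 14 Jan 2008 03:41:50 +0000

I have lost my bag. Please send some money urgently.
"""

# The connecting client's address is conventionally written in square brackets
# in the "from" clause of a Received header.
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(raw_message: bytes) -> List[str]:
    """Return the source IP recorded in every Received header, oldest hop first.

    Received headers are prepended by each relay, so they are stored newest-first
    and must be reversed to read the path in the order the mail travelled.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hops = []
    for header in msg.get_all("Received", []):
        match = IP_IN_BRACKETS.search(str(header))
        if match:
            hops.append(match.group(1))
    hops.reverse()
    return hops


def originating_ip(raw_message: bytes) -> Optional[str]:
    """Address of the earliest hop, i.e. the client that handed the mail in."""
    hops = received_hops(raw_message)
    return hops[0] if hops else None


def flag_unexpected_origin(raw_message: bytes,
                           expected_networks: Iterable[str]) -> Tuple[Optional[str], bool]:
    """Return (originating_ip, is_unexpected).

    Caveat: only the header added by your own mail server is guaranteed genuine;
    anything below it was written by other parties and a sender can forge it.
    Treat a hit here as a lead for investigation, not as proof on its own.
    """
    ip = originating_ip(raw_message)
    if ip is None:
        return None, False
    addr = ipaddress.ip_address(ip)
    expected = any(addr in ipaddress.ip_network(net) for net in expected_networks)
    return ip, not expected


if __name__ == "__main__":
    # The account holder's normal location for this constructed case: a hypothetical
    # university network in 192.0.2.0/24.
    print("path:", " -> ".join(received_hops(RAW_MESSAGE)))
    print("origin:", flag_unexpected_origin(RAW_MESSAGE, ["192.0.2.0/24"]))
```

Run against a real message, the first thing to confirm is which Received header your own server wrote (its "by" host is one you control); everything below that line is what the sender's side claims happened, which is exactly why webmail providers that record the browser's client IP at the last hop are so useful in cases like this one.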

Status: Investigation is on

Email Hacking:: inside

How could someone know Patjoshi’s password?

Situation 1: Mr. Patjoshi told someone his password, someone very close to him, and that someone used the opportunity to rob Mr. Patjoshi.

# Never disclose your password to anybody; there is always a possibility that the person will misuse it. Never write down your password anywhere. Don't use the same password for more than one account: that is the same as having four different locks but one key for all of them.

Situation 2: Mr. Patjoshi may have accessed his email account from a public computer (cyber café, office common area). The computer he used could have stored his password in the local browser, so someone who used that computer after he left would be able to access Patjoshi's email account through the browser's auto-complete / auto-fill option.

# Always make sure that the auto-save / remember-password option in the local browser is switched off. Log out of the account explicitly rather than just closing the window, because a session cookie left behind lets the next user in without knowing the password. Make sure that you clear your browsing history and also delete all cookies from any computer that you have used in a public place.

Situation 3: The computer Mr. Patjoshi used to access his email account may have been infected with a Trojan (a small piece of software that can record everything you type and do on your computer and then email it to a predefined destination).

# Use of a genuine antivirus product, kept regularly updated, along with regular scans of the computer for such malicious code, could prevent this.

Situation 4:
Mr. Patjoshi may have downloaded some third-party software from the net or installed some third-party games without proper checking, which may have infected his computer with a Trojan or installed a key-logger.

# Do not install any third-party software or download any code from a non-reputed website, as it may install malicious code on the computer.

Situation 5: Mr. Patjoshi may at some time have used a proxy site to access his own email account. Such a site could have stored the ID and password for his email account.

# Never use an untrusted proxy site to access your email or bank account. The proxy sits between you and the mail server and sees everything you send through it, including the login form.

Situation 6: Mr. Patjoshi could be the victim of a phishing site. (A post on phishing is to be published later.)

Situation 7:
The password used for the account, or the answer to the secret question under the forgot-password option, could have been very easy to guess.

# Always use alphanumeric and special characters in the password. Don't use any dictionary word. Try to have more than 8 characters in the password. Change the password regularly. The answer to the secret question should be something very personal; nobody should be able to guess it. For a public figure like a professor, facts such as birthplace, university or year of birth are easy to look up, so they make poor answers.
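The rules in Situation 7 and the "one key for all locks" warning in Situation 1 are easy to state and easy to forget, so here they are as checks that can be run over a set of candidate passwords and secret-question answers. This is an added example, not code from the original post; the word list, the sample accounts and the "public facts" set are constructed for the example and stand in for a real dictionary / breached-password list and for whatever is publicly known about the account holder.

```python
import string
from typing import Dict, Iterable, List

# Constructed word list standing in for a real dictionary or breached-password list.
COMMON_WORDS = {"password", "physics", "kolkata", "professor", "welcome",
                "letmein", "qwerty", "sunshine"}


def password_problems(password: str, dictionary: Iterable[str] = COMMON_WORDS,
                      min_length: int = 9) -> List[str]:
    """Return the policy rules the password breaks (empty list means it passes).

    Rules follow the post: more than 8 characters, letters plus digits plus
    special characters, and not based on a dictionary word.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))

    # Strip digits and punctuation before the dictionary check so that a
    # decorated word such as "Physics2008!" is still caught: appending a year
    # and an exclamation mark is the first thing a guessing tool tries.
    core = "".join(c for c in password.lower() if c.isalpha())
    words = {w.lower() for w in dictionary}
    if core in words or password.lower() in words:
        problems.append("based on a dictionary word")
    return problems


def reused_passwords(accounts: Dict[str, str]) -> List[List[str]]:
    """Group account names that share a password (the one-key-for-all-locks case)."""
    by_password: Dict[str, List[str]] = {}
    for account, pw in accounts.items():
        by_password.setdefault(pw, []).append(account)
    return sorted(sorted(group) for group in by_password.values() if len(group) > 1)


def guessable_answer(answer: str, public_facts: Iterable[str]) -> bool:
    """True if the secret-question answer is something anyone could look up."""
    known = {f.strip().lower() for f in public_facts}
    return answer.strip().lower() in known


if __name__ == "__main__":
    # Constructed sample: three accounts, two of them sharing a weak password.
    accounts = {"webmail": "Physics2008!", "bank": "Physics2008!",
                "university": "Kq7#vn!Rz2Lm"}
    for name, pw in accounts.items():
        print(name, password_problems(pw) or "ok")
    print("reused:", reused_passwords(accounts))
    # Facts that appear on a conference biography, so they are not secrets.
    print("guessable:", guessable_answer("Kolkata", ["Kolkata", "Physics", "1962"]))
```

The dictionary check is deliberately applied to the letters of the password only; a policy that accepts "Physics2008!" because it mixes character classes has not really removed the dictionary word, it has just added two characters that every guessing tool already tries.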

2 comments:

  1. It was good information about how your email password can be hacked and how you can prevent this. Nice.

  2. These points are necessary for everybody using an email facility to know.
