How to Prevent Email Hacking

on 08 September 2010

We know that cyber crime is getting worse day by day. The rise in cyber crime and fraud has led to high demand in the computer forensics field. We often hear from friends that their email account got compromised. You too can fall prey to email hacking. So let us see how a hacker can hack your email account and how you can prevent your email account from getting hacked.

Prevent your Email from being Hacked

You have to stay alert to protect your email accounts from the latest internet threats. Hackers, phishing scams, insecure internet connections, and untrustworthy computers or software can all lead to your accounts getting hacked. Whether you are using Yahoo Mail, Gmail (from Google), Hotmail or the newly introduced email service from Facebook, these tips apply to any email provider you use. The tips below cover the different ways hackers use to get into your email and how to secure your account against each:

Prevention from Brute Force and Dictionary attacks

Note that there is no software into which a hacker can just enter your username and get the password. There is, however, brute-force software that tries every possible combination of keyboard characters as a password. In a dictionary attack, the software tries all the words in a dictionary to find a match with your password.

Preventive Measure

This technique does not work now, as most popular mail service providers have increased security and block an Internet Protocol (IP) address after 3 password attempts. If you use a less popular mail service provider, just use a long password. Brute force becomes useless against passwords 10-15 characters long, as it would take months to find the password! Also make sure that you don't use a common word that is in the dictionary.
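The lockout described above can be sketched as follows. This is an added example, not code from the original post or from any mail provider; the log format and the sample lines are constructed, and only the threshold of 3 comes from the article.

```python
from collections import defaultdict

MAX_FAILURES = 3  # the article's "3 password trials"

# Constructed sample log, one attempt per line: "<ip> <account> <OK|FAIL>"
# (format is an assumption; addresses are documentation-only ranges)
SAMPLE_LOG = """\
203.0.113.7 alice FAIL
203.0.113.7 alice FAIL
198.51.100.4 bob FAIL
198.51.100.4 bob OK
203.0.113.7 alice FAIL
203.0.113.7 alice OK
198.51.100.4 bob FAIL
"""

def process_logins(log_text, max_failures=MAX_FAILURES):
    """Replay login attempts in order.

    Returns (blocked_ips, rejected), where rejected lists the
    (line_number, ip, account) attempts refused because the IP
    was already blocked, whatever password was supplied.
    """
    failures = defaultdict(int)   # consecutive failures per IP
    blocked = set()
    rejected = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 3:
            continue              # skip malformed lines
        ip, account, result = parts
        if ip in blocked:
            rejected.append((lineno, ip, account))
            continue
        if result == "OK":
            failures[ip] = 0      # a successful login resets the counter
        elif result == "FAIL":
            failures[ip] += 1
            if failures[ip] >= max_failures:
                blocked.add(ip)
    return blocked, rejected

if __name__ == "__main__":
    print(process_logins(SAMPLE_LOG))
```

Once the third failure from an address is seen, even a correct guess from that address (line 6 of the sample) is refused, which is why guessing at scale stops paying off.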

Prevention from Social Engineering and Shoulder Surfing

Even a kid can hack your email using social engineering or shoulder surfing. So let's see how it works:

Shoulder Surfing or Guessing: If you use very weak passwords, your family members or friends can guess your password easily if they are watching from behind while you log in to your account. They might see some of the keys you press while typing the password and can then guess the complete password.

Preventive Measure

Never use short passwords. Use a password of at least 9 characters. Never use a password such as your mobile number, birth date, girlfriend's or boyfriend's name, or anything else that someone can guess easily. Use a combination of capital and lower case letters, numbers and special characters (*, &, % etc.) in your password. Also make sure there is nobody around you while you are logging in.

Social Engineering: Have you noticed links like "Forgot your password" or "Can't access your account" on your login page? If you click on one, you are asked 1 or 2 security questions. If you have kept these questions simple, then a person who knows you can answer them. This is called Social Engineering. Even if the hacker does not know much about you, they can find information about you on social networking sites by looking at your profile, or they can cleverly get the answer out of you while chatting.

Preventive Measure

Keep the security question as hard as possible.

Prevention from Phishing or Fake Login Pages

This is quite a popular method of fooling users. A hacker can make a fake login page which looks similar to your email provider's login page, and when you enter your password, it goes to the hacker's server and not your email provider's server.

Preventive Measure

Always check the URL of your login page before you enter your password.
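What "checking the URL" means in practice is comparing the scheme and the exact host name, not looking for the provider's name somewhere in the address. The following is an added example, not part of the original post; mail.example.com stands in as a placeholder for your provider's real login host, and the lookalike URLs are constructed.

```python
from urllib.parse import urlsplit

# Placeholder allow-list (assumption): replace with the exact host
# where your provider serves its login page.
TRUSTED_LOGIN_HOSTS = {"mail.example.com"}

def check_login_url(url, trusted_hosts=TRUSTED_LOGIN_HOSTS):
    """Return (ok, reason) for a URL about to receive a password."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if parts.username is not None or parts.password is not None:
        # "https://trusted@other-host/" really connects to other-host
        return False, "userinfo before '@' hides the real host"
    if host not in trusted_hosts:
        # exact match only: a trusted name used as a prefix is not enough
        return False, "unexpected host: " + host
    return True, "host matches"

# Constructed sample URLs (reserved .test names, not real sites)
SAMPLES = [
    "https://mail.example.com/login",
    "http://mail.example.com/login",
    "https://mail.example.com.evil.test/login",
    "https://mail.example.com@evil.test/login",
    "https://mail.examp1e.com/login",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", check_login_url(u))
```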

Prevention from Keyloggers and RAT

Software called a keylogger can record the keystrokes you press on the keyboard and send them to the hacker. By using software called remote administrative tools (commonly known as TROJAN), a hacker can not only get your email password but can also access your computer remotely and see all the activities you perform. A RAT has an inbuilt keylogger to get your password and other information.

Preventive Measure

Always use anti-virus software on your computer and keep it up to date. Also install good firewall software.

Some keyloggers can even bypass this security software. To protect your account from this threat, instead of typing the password directly on the keyboard you can use the On-Screen Keyboard. In Windows you can open the on-screen keyboard by typing "osk" (without quotes) in the Run dialog box.

Prevention from Network Sniffing

A hacker can sniff the network using special tools such as Cain & Abel and can decrypt your email password. This requires very specialized hacking knowledge. The latest threat is a publicly available plug-in for Firefox called Firesheep that allows hackers to steal your account login information out of the air while you are connected to an open wireless network that is not encrypted.

Preventive Measure

You can't do much about this, but always get your internet connection from a good ISP (Internet Service Provider). Always use HTTPS in your browser configuration settings. For sites like Facebook and Gmail, configure your connection to always use HTTPS.

Web Browser and Windows Protected Storage

Windows stores critical information such as your passwords, URLs visited and much more. If a person has physical access to your computer, he or she can find your password using special software. Some users also have a habit of storing passwords in web browsers. This can prove to be dangerous sometimes.

Preventive Measure

When your browser asks to store your password, don't accept, and just don't allow anyone to use your computer!

Some more tips to protect your email account:

  1. Avoid logging into your accounts from untrusted computers.
  2. Use different passwords for your different accounts.
  3. Never unveil your secret answer while chatting.
  4. Change your password regularly.
  5. Avoid using suspicious and less popular software, and if it is necessary, check it first in a virtual machine before using it.


Anonymous said...

thx for help
