SlideShare una empresa de Scribd logo

TH3 Professional Developper CEH hacking email accounts

th3prodevelopper
th3prodevelopper

Hacking E-mail accounts

EducaciónTecnologíaEmpresariales
1 de 48
Descargar para leer sin conexión
Ethical Hacking and Countermeasures Version 6 Module XIII Hacking Email Accounts
News Source: http://uk.news.yahoo.com/ Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Module Objective This module will familiarize you with: • Ways of Getting Email Account Information • Vulnerabilities • Tools • Security Techniques • Creating Strong Passwords • Sign-in S l Si i Seal Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Module Flow Ways of Getting Email Security Techniques Account Information Vulnerabilities Creating Strong Passwords Tools Sign-in Seal Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Introduction Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Introduction Hacking H ki email accounts has become a serious th t il t h b i threat Email accounts are the repositories where people store their private information or even their business data Due to the widespread use of the Internet techniques and tools hacker can access the user ID and email password p Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Ways for Getting Email Account Information Stealing Cookies Social Engineering Password Phishing Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Stealing Cookies If a web site uses a cookie, or a browser contains the cookie, then every time you visit that website, the browser transfers the cookie to that website If a user’s cookie is stolen by an attacker, he/she can impersonate the user i h If the data present in the cookies is not encrypted, then after stealing the cookies an attacker can see the information which may contain the username and the password Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Social Engineering Social engineering is defined as a “non technical kind of intrusion non-technical that relies heavily on human interaction and often involves tricking other people to break normal security procedures.” Social engineering hackers persuade a target to provide information through a believable trick, rather than infecting a computer with malware through a direct attack Most of the persons unwittingly give away key information in an email or by answering questions over the phone such as names of their children, wife, email ID, vehicle number and other sensitive , , , information. Attacker use this information for hacking email accounts Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Password Phishing The process of tricking user to disclose user name and password by sending f k emails or setting up f k website which mimics sign-in di fake il i fake b i hi h i i i i pages is called phishing After gaining Username and password, fraudsters can use personal information to: Commit identity theft Charge your credit card Clear your bank account Change the previous password Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Fraudulent e-mail Messages You might receive an e-mail message from e mail bank asking for updated information The message provides the target user with a link to a legitimate site but redirects the user to a spoofed one That message ask for Login, password, and other sensitive information Attacker can use this information for hacking email accounts Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
News Source: http://www.consumeraffairs.com/ Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Vulnerabilities Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Vulnerabilities: Web Email While using web based email service, after clicking a link p g , g present in the email body, it transfers from URL of the current page (webmail URL) to the next page (link present) This information is transmitted through third party web servers Information can include: • Email address • Login ID • Actual name Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Vulnerabilities: Reaper Exploit The confidentiality of email can be brought down by the micro virus like Reaper Exploit Reaper Exploit works in the background and sends a copy of reply or forwarded mails to the hacker This exploit uses the functionality of DHTML in p y Internet Explorer, used by Microsoft outlook Email clients who make use of the internet explorer as their HTML engine are vulnerable Email scripting should be turned off to prevent off, from this attack Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Email Hacking Tools Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: Advanced Stealth Email Redirector This program monitors outgoing traffic of the target PC's email client and intercepts all the messages sent from it Intercepted emails are forwarded to a p pre-specified email address Advanced SER does not intercept emails sent from web-based email services like www.yahoo.com, www.hotmail.com etc Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: Mail PassView Mail PassView is a small password-recovery tool that reveals the passwords and other account d il f the f ll i h d d h details for h following email clients: • Outlook Express • Microsoft Outlook 2000 (POP3 and SMTP Accounts only) • Microsoft Outlook 2002/2003/2007 (POP3, IMAP, HTTP and SMTP Accounts)) • Windows Mail • Netscape 6.x/7.x • Mozilla Thunderbird • Group Mail Free • Yahoo! Mail - If the password is saved in Yahoo! Messenger application • Hotmail/MSN mail - If the password is saved in MSN Messenger application • G il - If th password i saved b G il N tifi application, G Gmail the d is d by Gmail Notifier li ti Googlel Desktop, or by Google Talk Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Mail PassView: Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: Email Password Recovery Master Email Password Recovery Master is a p g y program that displays logins and passwords for email accounts stored by: • Eudora • The Bat! • Becky B k • IncrediMail • Gmail Notifier • Group Mail Free • PocoMail • Forte Agent • Mail.Ru Agent • Scribe Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Email Password Recovery Master: Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: Mail Password Mail Password is a universal password recovery tool for POP3 email accounts It recovers all POP3 email logins and passwords stored on your computer by your email software Mail Password emulates a POP3 server and the E-mail client returns the password It supports all email programs, including Outlook, Eudora, The Bat! and more d Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Mail Password: Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Email Finder Pro Email Finder Pro extracts business emails from a file or a directory containing files Fast and simple email address extraction utility Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Email Spider Easy Email Spider Easy is a targeted bulk email marketing software k ti ft Quickly d Q i kl and automatically search and spider f i ll h d id from search engine to find e-mail addresses Integrated with 90 top popular search engines: Yahoo, Google, MSN, AOL, and so on Fast search speed allows upto 500 email extraction thread simultaneously Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Email Spider Easy: Screenshot Figure: Email Spider Easy Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Kernel Hotmail MSN Password Recovery Kernel Hotmail & MSN Password Recovery software recovers th stored or saved password of th the t d d d f the Hotmail and MSN Messenger account from your computer Supports all versions of MSN Messenger pp g Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Kernel Hotmail MSN Password Recovery: Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Retrieve Forgotten Yahoo Password Retrieve Forgotten Yahoo Password cracks Gmail, Yahoo passwords It retrieves encrypted characters hidden behind asterisk**** It restores hacked pop3 email IDs and passwords Features: • Decodes the coded user and owner password which provides the standard security to prevent PDF files from copying, printing, and editing • It reveals the Yahoo, Hotmail, Gmail, Indiatimes, Rediffmail, and MSN account passwords t d Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Retrieve Forgotten Yahoo Password: Screenshot Figure: Retrieve Forgotten Yahoo Password Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
MegaHackerZ MegaHackerZ helps you crack passwords to any email address It will help you to get the password you desire, instantly Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Hack Passwords The Email Password hacking software will get you any Password you need eed It allows to take command and control of any email Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Securing E il A S i Email Accounts Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Creating Strong Passwords Best way to protect from hackers is to use the strong password A strong password is one which cannot be determined by automated programs A strong password contains: • Seven to sixteen characters • Choose a phrase or combination of words • Uses three of the following four types of characters: • Uppercase letters (A, B, C) • Lowercase letters (a, b, c) • Numerals (1, 2, 3) • Special characters (` ~ ! @ # $ % ^ & * ( ) _ + - = { } | ( [ ] : " ; ' < > ? , . /) Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Creating Strong Passwords: Change Password Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Creating Strong Passwords: Trouble Signing In Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Sign-in Seal Sign in Sign-in seal protects account from phishing Sign-in seal is a custom text or image set up by the user on the computer User needs to create different sign-in seal for different browsers and computers Do not create sign-in seal on networked g computer Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Alternate Email Address Alternate email address are prompted at signup At the time of password recovery, passwords can be sent to the recovery alternate email address Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Keep Me Signed In/ Remember Me When you login on any site, there is checkbox like "Keep me signed in" or “Remember Me” If you select this option, next time it will automatically open your account in same computer If attacker handles such a system, he will get access to the email account If you are using a public computer it is computer, recommended that you uncheck the checkbox Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: Email Protector Email Protector protects password and automatically logs off your email account Email Protector shows you how to add password protection to your Outlook Express email Figure: Email Protector Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: Email Security Internet Service Provider (ISP) stores copies of all your email messages on its mail servers All the information kept on the servers can b p be easily used against you Email Security always breaks email messages addressed to a group of people to individual messages to ensure y g your as well as respondent’s p security Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Email Security: Screenshot Figure: Email Security Main Window Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: EmailSanitizer EmailSanitizer is a filter between the incoming email server, and your computer EmailSanitizer Lets you keep track of how much spam is being stopped and how many viruses are being destroyed Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: SuperSecret SuperSecret provides secure storage for all of your logins and passwords so th t you only h d that l have one password t remember d to b from now on Only one password is required to use SuperSecret All of your other account and password information is stored securely in an encrypted format on your computer and can be accessed only with your one and only password d l ih d l d Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
SuperSecret: Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Summary Username and password can be revealed if it is stored in cookie and is not encrypted The confidentiality of email can be brought down by the micro virus like Reaper Exploit A strong password is one which cannot be determined by automated programs Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited

Recomendados

Ce hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional securityCe hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional security
defquon
 
Phishing
PhishingPhishing
Phishing
defquon
 
TD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoorsTD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoors
th3prodevelopper
 
TH3 Professional Developper CEH sniffers
TH3 Professional Developper CEH sniffersTH3 Professional Developper CEH sniffers
TH3 Professional Developper CEH sniffers
th3prodevelopper
 
Ce Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering TechniquesCe Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering Techniques
Kislaychd
 
Ce Hv6 Module 42 Hacking Database Servers
Ce Hv6 Module 42 Hacking Database ServersCe Hv6 Module 42 Hacking Database Servers
Ce Hv6 Module 42 Hacking Database Servers
Kislaychd
 
Module 2 threats-b
Module 2 threats-bModule 2 threats-b
Module 2 threats-b
BbAOC
 
Ce Hv6 Module 18 Web Based Password Cracking Techniques
Ce Hv6 Module 18 Web Based Password Cracking TechniquesCe Hv6 Module 18 Web Based Password Cracking Techniques
Ce Hv6 Module 18 Web Based Password Cracking Techniques
Kislaychd
 

Recomendados

Ce hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional securityCe hv6 module 14 denial of service TH3 professional security
Ce hv6 module 14 denial of service TH3 professional security
defquon
 
Phishing
PhishingPhishing
Phishing
defquon
 
TD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoorsTD3 Drofessional Developper CEH trojans & backdoors
TD3 Drofessional Developper CEH trojans & backdoors
th3prodevelopper
 
TH3 Professional Developper CEH sniffers
TH3 Professional Developper CEH sniffersTH3 Professional Developper CEH sniffers
TH3 Professional Developper CEH sniffers
th3prodevelopper
 
Ce Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering TechniquesCe Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering Techniques
Kislaychd
 
Ce Hv6 Module 42 Hacking Database Servers
Ce Hv6 Module 42 Hacking Database ServersCe Hv6 Module 42 Hacking Database Servers
Ce Hv6 Module 42 Hacking Database Servers
Kislaychd
 
Module 2 threats-b
Module 2 threats-bModule 2 threats-b
Module 2 threats-b
BbAOC
 
Ce Hv6 Module 18 Web Based Password Cracking Techniques
Ce Hv6 Module 18 Web Based Password Cracking TechniquesCe Hv6 Module 18 Web Based Password Cracking Techniques
Ce Hv6 Module 18 Web Based Password Cracking Techniques
Kislaychd
 
2 phishing
2 phishing2 phishing
2 phishing
Yadavalli Thripura
 
20120329 Cybercrime threats on e-world
20120329 Cybercrime threats on e-world20120329 Cybercrime threats on e-world
20120329 Cybercrime threats on e-world
Luc Beirens
 
IT Security booklet
IT Security bookletIT Security booklet
IT Security booklet
iteclearners
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Small Business
 
Computer security
Computer securityComputer security
Computer security
Dhani Ahmad
 
Cyber crime in WORLD
Cyber crime in WORLDCyber crime in WORLD
Cyber crime in WORLD
Avasyu Gupta
 
I.T Security Threats
I.T Security ThreatsI.T Security Threats
I.T Security Threats
Umakant Mishra
 
TH3 Professional Developper google hacking
TH3 Professional Developper google hackingTH3 Professional Developper google hacking
TH3 Professional Developper google hacking
th3prodevelopper
 
Ce hv6 module 48 corporate espionage by insiders
Ce hv6 module 48 corporate espionage by insidersCe hv6 module 48 corporate espionage by insiders
Ce hv6 module 48 corporate espionage by insiders
Vi Tính Hoàng Nam
 
Don zaal a 11.15 11.45 fccu
Don zaal a 11.15 11.45 fccuDon zaal a 11.15 11.45 fccu
Don zaal a 11.15 11.45 fccu
webwinkelvakdag
 
Information-Security-Lecture-8.pptx
Information-Security-Lecture-8.pptxInformation-Security-Lecture-8.pptx
Information-Security-Lecture-8.pptx
anbersattar
 
TH3 Professional Developper CEH phishing
TH3 Professional Developper CEH phishingTH3 Professional Developper CEH phishing
TH3 Professional Developper CEH phishing
th3prodevelopper
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Sanket Gogoi
 
Ethical Hacking and Cyber Security
Ethical Hacking and Cyber SecurityEthical Hacking and Cyber Security
Ethical Hacking and Cyber Security
Neeraj Negi
 
Sip 140208055023-phpapp02
Sip 140208055023-phpapp02Sip 140208055023-phpapp02
Sip 140208055023-phpapp02
mark scott
 
Cyber security and privacy
Cyber security and privacyCyber security and privacy
Cyber security and privacy
JIJO CLEETUS
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
Rohan Bharadwaj
 
securityenvironment.pptx
securityenvironment.pptxsecurityenvironment.pptx
securityenvironment.pptx
rehamrere
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Sanket Gogoi
 
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
Intellipaat
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineering
Vi Tính Hoàng Nam
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Sahil Daw
 

Más contenido relacionado

La actualidad más candente

Don zaal a 11.15 11.45 fccu
Don zaal a 11.15 11.45 fccuDon zaal a 11.15 11.45 fccu
Don zaal a 11.15 11.45 fccu
webwinkelvakdag
 
Information-Security-Lecture-8.pptx
Information-Security-Lecture-8.pptxInformation-Security-Lecture-8.pptx
Information-Security-Lecture-8.pptx
anbersattar
 

La actualidad más candente (11)

2 phishing
2 phishing2 phishing
2 phishing
 
20120329 Cybercrime threats on e-world
20120329 Cybercrime threats on e-world20120329 Cybercrime threats on e-world
20120329 Cybercrime threats on e-world
 
IT Security booklet
IT Security bookletIT Security booklet
IT Security booklet
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
 
Computer security
Computer securityComputer security
Computer security
 
Cyber crime in WORLD
Cyber crime in WORLDCyber crime in WORLD
Cyber crime in WORLD
 
I.T Security Threats
I.T Security ThreatsI.T Security Threats
I.T Security Threats
 
TH3 Professional Developper google hacking
TH3 Professional Developper google hackingTH3 Professional Developper google hacking
TH3 Professional Developper google hacking
 
Ce hv6 module 48 corporate espionage by insiders
Ce hv6 module 48 corporate espionage by insidersCe hv6 module 48 corporate espionage by insiders
Ce hv6 module 48 corporate espionage by insiders
 
Don zaal a 11.15 11.45 fccu
Don zaal a 11.15 11.45 fccuDon zaal a 11.15 11.45 fccu
Don zaal a 11.15 11.45 fccu
 
Information-Security-Lecture-8.pptx
Information-Security-Lecture-8.pptxInformation-Security-Lecture-8.pptx
Information-Security-Lecture-8.pptx
 

Similar a TH3 Professional Developper CEH hacking email accounts

Sip 140208055023-phpapp02
Sip 140208055023-phpapp02Sip 140208055023-phpapp02
Sip 140208055023-phpapp02
mark scott
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
Keshab Nath
 

Similar a TH3 Professional Developper CEH hacking email accounts (20)

TH3 Professional Developper CEH phishing
TH3 Professional Developper CEH phishingTH3 Professional Developper CEH phishing
TH3 Professional Developper CEH phishing
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Ethical Hacking and Cyber Security
Ethical Hacking and Cyber SecurityEthical Hacking and Cyber Security
Ethical Hacking and Cyber Security
 
Sip 140208055023-phpapp02
Sip 140208055023-phpapp02Sip 140208055023-phpapp02
Sip 140208055023-phpapp02
 
Cyber security and privacy
Cyber security and privacyCyber security and privacy
Cyber security and privacy
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
securityenvironment.pptx
securityenvironment.pptxsecurityenvironment.pptx
securityenvironment.pptx
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
How To Prevent Cyber Attacks | Types of Cyber Attack | What is Cyber Attack |...
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineering
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Ce hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internetCe hv6 module 45 privacy on the internet
Ce hv6 module 45 privacy on the internet
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
Web Security
Web SecurityWeb Security
Web Security
 
Cyber Safety and cyber security. Safety measures towards computer networks a...
Cyber Safety and cyber security. Safety measures towards computer networks a...Cyber Safety and cyber security. Safety measures towards computer networks a...
Cyber Safety and cyber security. Safety measures towards computer networks a...
 
HACKING AND PHISHING
HACKING AND PHISHINGHACKING AND PHISHING
HACKING AND PHISHING
 
20120208 Strategical approach to tacle cybercrime & the botnet threat
20120208 Strategical approach to tacle cybercrime & the botnet threat20120208 Strategical approach to tacle cybercrime & the botnet threat
20120208 Strategical approach to tacle cybercrime & the botnet threat
 
Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and Countermeasures
 

Último

The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 

Último (20)

2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 

TH3 Professional Developper CEH hacking email accounts

  • 1. Ethical Hacking and Countermeasures Version 6 Module XIII Hacking Email Accounts
  • 2. News Source: http://uk.news.yahoo.com/ Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 3. Module Objective This module will familiarize you with: • Ways of Getting Email Account Information • Vulnerabilities • Tools • Security Techniques • Creating Strong Passwords • Sign-in S l Si i Seal Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 4. Module Flow Ways of Getting Email Security Techniques Account Information Vulnerabilities Creating Strong Passwords Tools Sign-in Seal Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 5. Introduction Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 6. Introduction Hacking H ki email accounts has become a serious th t il t h b i threat Email accounts are the repositories where people store their private information or even their business data Due to the widespread use of the Internet techniques and tools hacker can access the user ID and email password p Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 7. Ways for Getting Email Account Information Stealing Cookies Social Engineering Password Phishing Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 8. Stealing Cookies If a web site uses a cookie, or a browser contains the cookie, then every time you visit that website, the browser transfers the cookie to that website If a user’s cookie is stolen by an attacker, he/she can impersonate the user i h If the data present in the cookies is not encrypted, then after stealing the cookies an attacker can see the information which may contain the username and the password Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 9. Social Engineering Social engineering is defined as a “non technical kind of intrusion non-technical that relies heavily on human interaction and often involves tricking other people to break normal security procedures.” Social engineering hackers persuade a target to provide information through a believable trick, rather than infecting a computer with malware through a direct attack Most of the persons unwittingly give away key information in an email or by answering questions over the phone such as names of their children, wife, email ID, vehicle number and other sensitive , , , information. Attacker use this information for hacking email accounts Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 10. Password Phishing The process of tricking user to disclose user name and password by sending f k emails or setting up f k website which mimics sign-in di fake il i fake b i hi h i i i i pages is called phishing After gaining Username and password, fraudsters can use personal information to: Commit identity theft Charge your credit card Clear your bank account Change the previous password Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 11. Fraudulent e-mail Messages You might receive an e-mail message from e mail bank asking for updated information The message provides the target user with a link to a legitimate site but redirects the user to a spoofed one That message ask for Login, password, and other sensitive information Attacker can use this information for hacking email accounts Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 12. News Source: http://www.consumeraffairs.com/ Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 13. Vulnerabilities Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 14. Vulnerabilities: Web Email While using web based email service, after clicking a link p g , g present in the email body, it transfers from URL of the current page (webmail URL) to the next page (link present) This information is transmitted through third party web servers Information can include: • Email address • Login ID • Actual name Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 15. Vulnerabilities: Reaper Exploit The confidentiality of email can be brought down by the micro virus like Reaper Exploit Reaper Exploit works in the background and sends a copy of reply or forwarded mails to the hacker This exploit uses the functionality of DHTML in p y Internet Explorer, used by Microsoft outlook Email clients who make use of the internet explorer as their HTML engine are vulnerable Email scripting should be turned off to prevent off, from this attack Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 16. Email Hacking Tools Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 17. Tool: Advanced Stealth Email Redirector This program monitors outgoing traffic of the target PC's email client and intercepts all the messages sent from it Intercepted emails are forwarded to a p pre-specified email address Advanced SER does not intercept emails sent from web-based email services like www.yahoo.com, www.hotmail.com etc Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 18. Tool: Mail PassView Mail PassView is a small password-recovery tool that reveals the passwords and other account d il f the f ll i h d d h details for h following email clients: • Outlook Express • Microsoft Outlook 2000 (POP3 and SMTP Accounts only) • Microsoft Outlook 2002/2003/2007 (POP3, IMAP, HTTP and SMTP Accounts)) • Windows Mail • Netscape 6.x/7.x • Mozilla Thunderbird • Group Mail Free • Yahoo! Mail - If the password is saved in Yahoo! Messenger application • Hotmail/MSN mail - If the password is saved in MSN Messenger application • G il - If th password i saved b G il N tifi application, G Gmail the d is d by Gmail Notifier li ti Googlel Desktop, or by Google Talk Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 19. Mail PassView: Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 20. Tool: Email Password Recovery Master Email Password Recovery Master is a p g y program that displays logins and passwords for email accounts stored by: • Eudora • The Bat! • Becky B k • IncrediMail • Gmail Notifier • Group Mail Free • PocoMail • Forte Agent • Mail.Ru Agent • Scribe Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 21. Email Password Recovery Master: Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 22. Tool: Mail Password Mail Password is a universal password recovery tool for POP3 email accounts It recovers all POP3 email logins and passwords stored on your computer by your email software Mail Password emulates a POP3 server and the E-mail client returns the password It supports all email programs, including Outlook, Eudora, The Bat! and more d Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 23. Mail Password: Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 24. Email Finder Pro Email Finder Pro extracts business emails from a file or a directory containing files Fast and simple email address extraction utility Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 25. Email Spider Easy Email Spider Easy is a targeted bulk email marketing software k ti ft Quickly d Q i kl and automatically search and spider f i ll h d id from search engine to find e-mail addresses Integrated with 90 top popular search engines: Yahoo, Google, MSN, AOL, and so on Fast search speed allows upto 500 email extraction thread simultaneously Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 26. Email Spider Easy: Screenshot Figure: Email Spider Easy Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 27. Kernel Hotmail MSN Password Recovery Kernel Hotmail & MSN Password Recovery software recovers th stored or saved password of th the t d d d f the Hotmail and MSN Messenger account from your computer Supports all versions of MSN Messenger pp g Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 28. Kernel Hotmail MSN Password Recovery: Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 29. Retrieve Forgotten Yahoo Password Retrieve Forgotten Yahoo Password cracks Gmail, Yahoo passwords It retrieves encrypted characters hidden behind asterisk**** It restores hacked pop3 email IDs and passwords Features: • Decodes the coded user and owner password which provides the standard security to prevent PDF files from copying, printing, and editing • It reveals the Yahoo, Hotmail, Gmail, Indiatimes, Rediffmail, and MSN account passwords t d Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 30. Retrieve Forgotten Yahoo Password: Screenshot Figure: Retrieve Forgotten Yahoo Password Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 31. MegaHackerZ MegaHackerZ helps you crack passwords to any email address It will help you to get the password you desire, instantly Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 32. Hack Passwords The Email Password hacking software will get you any Password you need eed It allows to take command and control of any email Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 33. Securing E il A S i Email Accounts Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 34. Creating Strong Passwords Best way to protect from hackers is to use the strong password A strong password is one which cannot be determined by automated programs A strong password contains: • Seven to sixteen characters • Choose a phrase or combination of words • Uses three of the following four types of characters: • Uppercase letters (A, B, C) • Lowercase letters (a, b, c) • Numerals (1, 2, 3) • Special characters (` ~ ! @ # $ % ^ & * ( ) _ + - = { } | ( [ ] : " ; ' < > ? , . /) Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 35. Creating Strong Passwords: Change Password Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 36. Creating Strong Passwords: Trouble Signing In Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 37. Sign-in Seal Sign in Sign-in seal protects account from phishing Sign-in seal is a custom text or image set up by the user on the computer User needs to create different sign-in seal for different browsers and computers Do not create sign-in seal on networked g computer Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 38. Alternate Email Address Alternate email address are prompted at signup At the time of password recovery, passwords can be sent to the recovery alternate email address Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 39. Keep Me Signed In/ Remember Me When you login on any site, there is checkbox like "Keep me signed in" or “Remember Me” If you select this option, next time it will automatically open your account in same computer If attacker handles such a system, he will get access to the email account If you are using a public computer it is computer, recommended that you uncheck the checkbox Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 40. Tool: Email Protector Email Protector protects password and automatically logs off your email account Email Protector shows you how to add password protection to your Outlook Express email Figure: Email Protector Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 41. Tool: Email Security Internet Service Provider (ISP) stores copies of all your email messages on its mail servers All the information kept on the servers can b p be easily used against you Email Security always breaks email messages addressed to a group of people to individual messages to ensure y g your as well as respondent’s p security Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 42. Email Security: Screenshot Figure: Email Security Main Window Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 43. Tool: EmailSanitizer EmailSanitizer is a filter between the incoming email server, and your computer EmailSanitizer Lets you keep track of how much spam is being stopped and how many viruses are being destroyed Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 44. Tool: SuperSecret SuperSecret provides secure storage for all of your logins and passwords so th t you only h d that l have one password t remember d to b from now on Only one password is required to use SuperSecret All of your other account and password information is stored securely in an encrypted format on your computer and can be accessed only with your one and only password d l ih d l d Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 45. SuperSecret: Screenshot Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 46. Summary Username and password can be revealed if it is stored in cookie and is not encrypted The confidentiality of email can be brought down by the micro virus like Reaper Exploit A strong password is one which cannot be determined by automated programs Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 47. Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 48. Copyright © by EC-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited