It is very usual case now a days that mail accounts are getting compromised due to various reasons. I feel public awareness on Cyber Security is much needed. Specially in countries like India. Here are few ways to hack mail account which I collected from Google security forum.
There are many ways an account can be compromised/hacked. A few (but by no means all) of the common ones follow some what in order of frequency used:
* Requesting (often with threats of closing an account) a user to provide login/password information by return e-mail or by redirecting to a web-site that masks itself as legitimate.
* Never respond to an e-mail that requests your login:password. Never follow a link that doesn’t go to to a known url (for example: http:\\gmail.google.com\ is NOT the same as http:\\gmail.google.com.junk.ru\). Be aware that the url printed in the message may not be where the link actually goes so verify before you click.
– Phishing: http://mail.google.com/support/bin/answer.py?hl=en&answer=8253
– Reporting: https://mail.google.com/support/bin/answer.py?hl=en&answer=29381
– Scams: http://mail.google.com/support/bin/answer.py?hl=en&answer=29380
Common password usage
* Using the same password for multiple accounts so if someone breaks into one (like Facebook) they can get into others. Getting access to an e-mail account can often lead them to Paypal, Ebay, YouTube and many other accounts.
* Make sure you use a unique password for every site where you have an account. Especially critical for financial sites, or sites with links to other accounts (like social networking or e-mail sites).
– Changing passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=6567
– Selecting passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=29409
* Related to the above in that one account has information leading to other accounts. If they gain access then they know about the other accounts too. This is hard to protect against when a forum or social networking site requires an e-mail address (if they break into the one site, look at your settings, they know your e-mail address too).
* Do not store login:password information in an e-mail account where it can be accessed should the account be compromised. Also consider a “junk” e-mail address for all forum/web-site registrations so it does not lead back to your primary account.
Failing to log out
* Failing to close your account on a computer that others have access to (like at work, school, or library) so that anyone else can access your account.
* Always close your account when you walk away from your computer (even at home for some people).
– Sign out: http://mail.google.com/support/bin/answer.py?hl=en&answer=8154
Browser auto-fill enabled
* Like the above, having the browser configured to enter your login/password automatically so anyone using the computer can gain access to your account.
* Never use the browser’s auto-fill capabilities unless you’re on a 100% private, secure, and trusted computer.
– Clear saved data: http://mail.google.com/support/bin/answer.py?hl=en&answer=12095
* Any computer accessible by others can have a keylogger installed which will capture your login/password for any site you visit.
* Never log into your account on a public computer (like at a library) and be very cautious using any computer that others have access to (like at work or school).
* While not strictly used to steal an account, could do damage to your account or use it to send spam while you’re logged in.
* Always keep virus scanners enabled, and using up-to-date definition files. Regular use of malware type scanners is good too.
– Virus protection: http://mail.google.com/support/bin/answer.py?hl=en&answer=8493
– Anti-virus scanning: http://mail.google.com/support/bin/answer.py?hl=en&answer=25760
* A brute-force method of guessing someone’s password, made easier if they know you in real-life, especially if you use a weak password (like a kid’s or spouse’s name).
* Follow standard password generation safeguards: no common words or proper names, no patterns (1234 or qwerty), use mixed case and include numbers or punctuation, etc.
– Strong passwords: http://mail.google.com/support/bin/answer.py?hl=en&answer=29409
* When someone compromises a company’s server gaining access to account or private information for a large number of users. This is typically seen in large identity-theft cases.
* Nothing you can really do about this except deal with only reputable companies with good privacy policies.
Network packet capture
* Using software or hardware on wireless or free hot-spot networks to capture information.. Pretty rare, but still possible for non-encrypted networks.
* Very little you can do about this except avoid using any unsecured wireless networks.
Stay safe and secured. Please share if you feel it will make people aware about methods of mail hacking.