Published on January 6th, 2013 | by Rashid Feroz
The real truth behind hacking of Facebook and other email accounts
Do you get scared when you hear the word ‘hacked’?
Does this word give you goosebumps when you hear that your friend’s mail account just got hacked by an unknown person with a Gmail password cracker? And it might scare you even more when that account is used for some unethical purposes. If that is the case, then you need to know that one of the best methods to protect yourself is awareness.
So, the question is – How do they do it?
They are not magicians or some serious nerds sitting in a dark basement with many computers and powerful programs loaded on them as seen in Hollywood movies. They are just ordinary guys like you.
Nor is the social network or email company so foolish that it allows hackers to hack it. These companies spend millions of dollars on their network security, and the majority of them are almost impenetrable.
It’s only you who allows them to hack your accounts!
Almost everyone today has an email id or an account on Facebook or some other social network. And every other day we hear that somebody’s Facebook account got hacked. As cyber security and privacy are important issues nowadays, we need to be well informed about these things and how to protect ourselves from these kinds of hacking attacks.
So let’s proceed.
HOW AND WHERE ARE YOUR PASSWORDS STORED?
You should keep one thing in mind: the passwords you provide while registering anywhere on a mail service or a social network stay in only two places.
1. Website database (website database server)
2. In your mind (unless you have told your girlfriend/boyfriend)
It’s not stored anywhere else on your PC, web browser or in cookies or cache memory.
And hacking into a major mail provider’s website database is almost impossible, as they spend millions and millions on their security and regularly check for any vulnerability or bug. So method 1 will not work. If someone claims to do so, they are totally fooling you. Every method directly or indirectly involves the victim’s carelessness or lack of knowledge.
HOW THEY HACK YOUR ACCOUNT!
I can classify the ways of hacking someone’s Facebook account or any other mail accounts into 4 methods or ways.
The most significant one is,
1.KEYLOGGERS
This is a special kind of software which logs your every keystroke and sends it anonymously to the hacker. It stays hidden and works in the background within Windows every time the computer starts up.
Thus when you type your email address and password in the login page, they get recorded and secretly sent to the hacker. So how does this nasty software get installed on your computer?
Here USB drives and the internet play a major role. The hacker might send the Trojan as a mail attachment. It might seem an ordinary file to you, with nothing suspicious about it. But once it gets into your system, you are done! You might have downloaded pirated software or cracks from various file-hosting sites or torrents; these may look like legit software but come infected with Trojans or keyloggers, so don’t always trust them. Or it might arrive on your PC from a pen drive that the hacker has arranged for.
2.SOCIAL ENGINEERING OR PASSWORD GUESSING
Many of you keep common passwords like your girlfriend’s/boyfriend’s name attached to your name, your birth date, your pet’s name or your mobile number, which makes it easy to guess the password. And you all know your password can be recovered through the recovery options. If the hacker knows you personally, it’s not that tough for him to guess your security question or password, if you keep an easy one.
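A signup-time check for the weakness described above, as an added example that is not part of the original article: it flags a password that contains pieces of the user's own profile. The field names and sample values are constructed for illustration.

```python
import re

def personal_tokens(facts):
    """Collect words and digit runs (3+ characters) from the user's own
    profile fields, plus each field's digits joined together."""
    tokens = set()
    for value in facts.values():
        tokens.update(w for w in re.findall(r"[a-z]+|\d+", value.lower())
                      if len(w) >= 3)
        digits = re.sub(r"\D", "", value)
        if len(digits) >= 4:
            tokens.add(digits)        # 1990-03-14 -> 19900314
            tokens.add(digits[-4:])   # trailing four digits (MMDD, end of phone)
    return tokens

def guessable_parts(password, facts):
    """Return the personal tokens found inside the password, sorted.
    Punctuation is removed first so 'rohan.asha' still matches."""
    squeezed = re.sub(r"[^a-z0-9]", "", password.lower())
    return sorted(t for t in personal_tokens(facts) if t in squeezed)

# Constructed profile, covering the kinds of facts the article lists.
SAMPLE_FACTS = {
    "name": "Asha Verma",
    "partner": "Rohan",
    "pet": "Bruno",
    "birth_date": "1990-03-14",
    "mobile": "+91 98765 43210",
}

if __name__ == "__main__":
    for candidate in ("rohan.asha1990", "Bruno@43210", "T7#kw!Zp2qLx"):
        hits = guessable_parts(candidate, SAMPLE_FACTS)
        print(candidate, "->", "reject: " + ", ".join(hits) if hits else "ok")
```

The check only sees the date and phone formats it is given; a birth date typed in another order would need the extra variants added to `personal_tokens`.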
3.PHISHING
This is one of the most widespread and best methods to get passwords. You might get an unknown link in a chatroom or your inbox asking you to log in because the company wants to check something or because you can earn money from it. Never trust such links. Facebook or any other company would never ask you to log in through a special link or something. Always check your URL/address bar to see whether the address is the same as the website’s. The attacker might make a fake copy of the website’s login page that looks exactly the same as the original, host it somewhere and then send it to you. As you enter your login details, the login info gets stored and you get redirected to the original website as if nothing happened. So always check the website URL bar before logging in.
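The address-bar check described above, written out as an added example (not part of the original article): it compares the host a link really leads to with the domain you expect. The sample links are constructed, and example.net stands in for wherever a fake page might be hosted.

```python
from urllib.parse import urlsplit

def check_login_url(url, expected_domain):
    """Return reasons not to trust url as a login page for expected_domain.
    An empty list means none of these checks fired."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    expected = expected_domain.lower()
    if parts.scheme != "https":
        problems.append("not https")
    if parts.username is not None:
        # In https://site@other/ the browser connects to "other", not "site".
        problems.append("text before '@' is not the host")
    if any(l.startswith("xn--") for l in host.split(".")) or not host.isascii():
        problems.append("internationalised host name")
    if host != expected and not host.endswith("." + expected):
        problems.append("host is not %s or a subdomain of it" % expected)
    return problems

# Constructed sample links.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://www.facebook.com.login.example.net/login.php",
    "https://www.facebook.com@example.net/login.php",
    "https://faceb00k.example.net/login.php",
]

def audit(samples=SAMPLES, expected="facebook.com"):
    """Map each sample link to the list of problems found."""
    return {url: check_login_url(url, expected) for url in samples}

if __name__ == "__main__":
    for url, problems in audit().items():
        print("OK  " if not problems else "STOP", url, problems)
```

Only the first sample passes: the host is read from the right-hand end, so a familiar name at the start of the address proves nothing.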
4.SESSION HIJACKING OR COOKIE STEALING
When you log in on a website, it provides you with a cookie which tells the website that the respective user is online from his PC, along with his activities on the website. If the attacker somehow gets this cookie, he would be able to open your account without providing a password. This works well on WiFi or LAN networks. There is also a tool named ‘Firesheep’ for it. But you can protect yourself by using https while on a login page. It’s a very minor method and hardly anyone gets hacked by it. Still, you should be informed of it.
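How a site owner or tester can check whether a login cookie is exposed in the way described above, as an added example that is not part of the original article. The cookie name and the three responses are constructed.

```python
def audit_set_cookie(header_value, sent_over_https):
    """Check one Set-Cookie header value for session-hijacking exposure.
    Returns (cookie_name, list_of_findings)."""
    name_value, *attrs = [p.strip() for p in header_value.split(";")]
    name = name_value.split("=", 1)[0]
    flags = {a.split("=", 1)[0].lower() for a in attrs if a}
    findings = []
    if not sent_over_https:
        findings.append("set over http: readable by others on the WiFi/LAN")
    if "secure" not in flags:
        findings.append("no Secure: browser will also send it over http")
    if "httponly" not in flags:
        findings.append("no HttpOnly: scripts in the page can read it")
    return name, findings

# Constructed responses: (scheme the page was served over, Set-Cookie value).
RESPONSES = [
    ("http", "sessionid=abc123; Path=/"),
    ("https", "sessionid=abc123; Path=/; HttpOnly"),
    ("https", "sessionid=abc123; Path=/; Secure; HttpOnly"),
]

def audit_all(responses=RESPONSES):
    """Audit every constructed response and return the results in order."""
    return [audit_set_cookie(value, scheme == "https")
            for scheme, value in responses]

if __name__ == "__main__":
    for (scheme, value), (name, findings) in zip(RESPONSES, audit_all()):
        print(scheme, name, findings or "ok")
```

The second response shows why https on the login page alone is not enough: without `Secure`, the same cookie still travels in the clear on any later http request to the site.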
STEPS TO FOLLOW TO AVOID GETTING HACKED
1. Install good antivirus software that will protect you from keyloggers and various other Trojans. (Personally I would recommend Quick Heal).
2. Use the on-screen keyboard to log in when using a shared PC or a friend’s PC. It will prevent your login info from getting recorded.
3. Never write your passwords anywhere and don’t share them with anyone.
4. Avoid downloading software or cracks from unknown sources or torrents. Even if you use pirated software, use a known and legit source to download from.
5. Don’t carelessly open email attachments sent by unknown people. If you are not sure about a file, open it in a sandbox.
6. Always scan your removable drives before accessing them.
7. Use a strong password that is not easy to guess. Choose a complex security question and answer so that nobody can guess it. Take care of your secondary email address as well.
8. Always check the login page URL before logging in. You might get trapped into phishing.
If an unknown person sends you unknown links over messages, ignore them. Even if you click on one, never log in from there if a login page comes up.
9. Always check whether your Facebook login page is using https:// or not. If not, then enable it from settings. It will prevent your session from being hijacked.
10. There is no software or online service available on the internet that can hack mail accounts. If they claim to do so, they are fooling you. Don’t fall for these; you might end up losing your own email account.
11. Provide a secondary email address and mobile phone number while signing up. If you get hacked, you can recover your password from there.
WHAT TO DO WHEN YOUR MAIL ACCOUNT GETS HACKED
Don’t panic, there’s an 80% chance that you can get your account back.
Whenever someone changes your account’s password, you will get a password change notification email at your mail address. Almost every mail provider or social networking website provides a link there to reset the password if you did not initiate the change yourself. If the attacker removes your email address from Facebook, even then you will get an email to reset it. Just check the mails carefully.
You will get another email on your secondary email address if the primary one is not in your hands now. You can easily recover from there. Register your mobile phone with the websites; you can even reset your password from there. If nothing works, mail that organization with the details and they will provide you with a form; fill it up and you will get your account back.
If you follow these steps there is a 99% chance that you will never get hacked, nor will your friends and family.
I would appreciate your reviews and comments to post further about such topics.
– Rashid Feroz (http://facebook.com/rashid.feroz1)