How To Hack Gmail Account Password In Minutes And Its Prevention || Shubham Yadav Ethical Hacker ||

By:- Shubham Yadav [Certified Ethical Hacker]


How to hack a Gmail account password?

Hacking Gmail or Google is the second most searched account hacking topic on the internet, next to hacking a Facebook account.

People think that hacking into a Gmail account is easy and that all they need is a hacking tool, either online or offline, but the truth is very different. I found many "Gmail hackers" available around the internet, but you know what? All of them are fake and are posted only with the intention of making money.

Do you think an innovative company like Google is dumb at identifying such hacking techniques against their multi-billion dollar firm? In fact, they are very much aware of these hacking techniques through a program called the Bug Bounty Program, where security researchers / white hat hackers around the world find and report security vulnerabilities (hacking techniques or system weaknesses) to Google. Google takes the necessary action immediately and rewards those people who made a responsible disclosure to them.

Then how come a few people get their Gmail account password hacked when there is no hacking tool? There is no easy way to do it, but that does not mean it is impossible. Yes, there are ways to hack into a Google account. I have prepared a detailed list of how hackers could hack our Gmail / Google account and its prevention measures.

Please bear in mind that this article is posted with the intention of educating people and must not be used for malicious purposes.

1. Phishing

Phishing is the most common technique used for hacking Gmail account passwords, and it has the highest success rate compared to all other Gmail password hacking methods because of its trustworthy layout and appearance. It does not need much technical knowledge to get a phishing page done, and that is why phishing is so widely used for hacking Gmail passwords.

How does phishing work?

In simple words, phishing is the process of creating a duplicate copy of a reputed website's page with the intention of stealing the user's password or other sensitive information like credit card details. In our topic, that means creating a page which looks exactly like the Gmail login page but sits at a different URL, like gooogle.com or gmaail.com or any URL that pretends to be legitimate. When a user lands on such a page, he/she might think it is the real Gmail login page asking them to provide their username and password. So people who do not find the phishing page suspicious might enter their username and password; that information would be sent to the Gmail hacker who created the phishing page, and at the same time the victim would be redirected to the original Gmail page.

Example:- Alex is a programmer who has a little knowledge of web technologies (the Gmail hacker in our context). He creates a login page that looks exactly like the Gmail login page, with a PHP script in the background that helps Alex receive the username and password typed into the phishing page. Alex puts that phishing page at the URL https://www.gmauil.com/money-making-tricks.html. Alex sends a message to Peter: "Hey Peter, I found a way to make money online, you must check this out https://www.gmauil.com/money-making-tricks.com". Peter navigates to the link and sees a Gmail login page. As usual, Peter enters his username and password. Now Peter's username and password are sent to Alex (the background PHP script does that sending) and Peter is redirected to a money-making tips page at https://www.gmauil.com/money-making-tricks.html. That's all; Peter's Gmail account is hacked.


How could you protect yourself from Gmail phishing?

Hackers can reach you in many ways, like Gmail emails, personal messages, Facebook messages, website ads, etc. Clicking on a link from one of these messages could lead you to a Gmail login page. Whenever you find a Gmail or Google login page, you should note only one thing, the URL, because nobody can spoof / use a Gmail URL except when there are some XSS zero-day vulnerabilities, and that is very rare.

a. What is the URL you see in the browser address bar?
b. Is it really https://mail.google.com/ or https://www.gmail.com/ or https://accounts.google.com/ (the trailing slash is important, since it is the only separator in Google Chrome that distinguishes the domain from a sub-domain; check out the examples below to see the difference)?
c. Is there a green secure symbol (HTTPS) shown in the address bar?

Keeping these questions in mind would prevent you from getting hacked by phishing. Also see the examples of phishing pages below.

Some super perfect phishing pages are listed below.

(Snapshot: Gmail / Google phishing page. Note the misleading URL.)

Most people won't suspect this page (snapshot given above), since there is an https prefix with a green secure icon and no mistake in accounts.google.com. But it is a phishing page. How? Read the URL carefully. It is https://accounts.google.com.infoknown.com, so accounts.google.com is merely a subdomain of infoknown.com. Google Chrome does not visually differentiate the sub-domain from the domain, unlike Firefox.

SSL certificates (HTTPS) can be obtained from many vendors, and a few vendors give an SSL certificate for free for 1 year. It is not a big deal for a novice to create a perfect phishing page like this. So beware of it.
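The three questions in the checklist above and the subdomain trick just explained can be turned into a small URL checker. The following Python script is an added example written for this page, not code from the article; the list of legitimate domains (google.com, gmail.com), the two-label "registrable domain" rule and the sample URLs are assumptions made for the demonstration. It flags a missing HTTPS, a host whose registrable domain is not Google's (so accounts.google.com.infoknown.com is reported as infoknown.com), and one-character lookalikes such as gmauil.com or gooogle.com.

```python
from urllib.parse import urlsplit

# Registrable domains Google actually uses for Gmail sign-in (assumed for this example).
# Any subdomain of these (accounts.google.com, mail.google.com) is accepted; a host such as
# accounts.google.com.infoknown.com is NOT, because its registrable domain is infoknown.com.
LEGIT_DOMAINS = ("google.com", "gmail.com")


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname: 'accounts.google.com' -> 'google.com'.

    Two labels are enough for .com names like google.com; production code would
    consult the Public Suffix List so that suffixes like 'co.uk' are handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalikes such as gmauil.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def check_login_url(url: str) -> dict:
    """Apply the article's three questions to a URL and return a verdict.

    Result keys: host, domain, legit (bool), reasons (list of str).
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    domain = registrable_domain(host) if host else ""
    reasons = []

    # Question c: is the page served over HTTPS at all?
    if parts.scheme != "https":
        reasons.append("not HTTPS")

    # Questions a/b: does the host really belong to Google? Compare the registrable
    # domain, not whether 'google.com' appears somewhere in the host string.
    if domain not in LEGIT_DOMAINS:
        msg = f"host '{host}' belongs to '{domain}', which is not a Google domain"
        # Explain why the name looked convincing: a near-miss spelling, or a real
        # Google name used only as a subdomain label of somebody else's domain.
        close = [d for d in LEGIT_DOMAINS if edit_distance(domain, d) <= 2]
        if close:
            msg += f" (lookalike of {close[0]})"
        elif any(d in host for d in LEGIT_DOMAINS):
            msg += " (a Google name appears only as a subdomain label)"
        reasons.append(msg)

    return {"host": host, "domain": domain, "legit": not reasons, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample URLs: the article's own examples plus the real Gmail hosts.
    samples = [
        "https://accounts.google.com/",
        "https://mail.google.com/mail/",
        "http://accounts.google.com/",
        "https://accounts.google.com.infoknown.com/ServiceLogin",
        "https://www.gmauil.com/money-making-tricks.html",
        "https://gooogle.com/",
    ]
    for u in samples:
        r = check_login_url(u)
        print(("OK     " if r["legit"] else "PHISH  ") + u, "; ".join(r["reasons"]))
```

The important design point is in check_login_url: the decision is made on the registrable domain, never on a substring match, because "google.com" is literally present in accounts.google.com.infoknown.com and a naive `"google.com" in host` test would pass the phishing page.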


(Snapshot: a normal phishing page with some modification in the word Google.)

