Very recently one of my friend's email account was hacked which was linked to various social networking sites and banking sites. It is sad because it causes lot of panic and pain plus the hacker has the complete control of the account and can do whatever he/she wants with that account. I am going to discuss what you can do avoid getting into such troubles and if you do manage to land up in the trouble what you can do minimize the level of attack.
The Problem:
In most of the cases such kind of attacks are carried through persuading people into clicking on some web link or downloading an email attachment or filling out a form which has been sent through a trusted resource. This type of technique is fairly common and very commonly known as Social Engineering. No Anti Virus software or a firewall can protect you against this kind of attack because there is no flaw in the type of software you are using that needs to be exploited for such attacks. These attacks thrive on persuading people to believe in what they see, for e.g. if a guy receives an email where the title reads "Nude pictures of Anna Kournikova", there is no chance in hell that he will not open that email and click on the attachment that accompanies it :). There are plenty of such examples where people give free stuff over the internet by just asking your bank account information, now always remember every offer or scheme has a price attached to it, nothing comes for free. The price in this case is the money in your bank account or your dear ones bank account.
In my friend's case the attacker sent a form to be filled with two simple fields in it Username and Password, ( http://v2.jotform.com/form/12092347808) you can click on it and see for yourself but be careful in posting your username and password in it. If put in any bogus username and password in it you'll realize that the password is being visible in clear text. That should raise an alarm right there before you hit the submit button.
When I was growing up I used to watch WWF and Stone Cold Steve Austin was my fav and I used imitate his slogans which read "Don't Trust Anybody" DTA. Today I realize that on internet it has become so very true ;)
To learn more about what Social Engineering is have a look here: http://www.microsoft.com/protect/terms/socialengineering.aspx
The Solution:
Like I stated above Don't trust anyone on the internet. No one is interested in giving you free gifts or heavy discounts so stop believing such offers. If you do get some suspicious email from your friends or family before blindly following such emails check with that person whether he/she has actually sent you that email or that link.
We all love playing games and quizzes on facebook/orkut and other social networking sites. While facebook is courteous enough to tell you before click on any application that you're personal information will be shared but still people don't really care. There have been incidents in the past where someone got hacked because he/she was playing some online game through these social networking sites.
Friend Finder on these sites is another such resources for attackers because you reveal your personal email account information on a social networking site to let it query your friend list for your personal account. Imagine if this information gets into bad hands what will happen, that person will query your friend list for sure but not for the purpose the it is intended for. Hope you know what I mean :)Always be careful in providing your bank information over phone or on any website which is not owned directly by the Bank.
If you still manage to get yourself hacked and you come to know that the hacker is using your account to hack other people or he/she is using your personal information to post fake things about you on social networking sites or he/she is able to get to your bank account since your eamil account was linked to that account then you should report it immediately to the local/regional cyber crime department. You can never imagine what an attacker has in mind and what he/she can do with your email accounts.
Every country has their own Computer Emergency and Reponse Team (CERT), and they are more than willing to you out. Secondly, block all the accounts which were linked with your personal email account. Try reaching out to your contacts on these accounts and make them aware that your account has been hacked so if hacker tries to contact them using their account they should know that its not you who is asking for money :)Hope this information helps you in staying safe while browsing on the internet or playing online games through social networking sites.
The Problem:
In most of the cases such kind of attacks are carried through persuading people into clicking on some web link or downloading an email attachment or filling out a form which has been sent through a trusted resource. This type of technique is fairly common and very commonly known as Social Engineering. No Anti Virus software or a firewall can protect you against this kind of attack because there is no flaw in the type of software you are using that needs to be exploited for such attacks. These attacks thrive on persuading people to believe in what they see, for e.g. if a guy receives an email where the title reads "Nude pictures of Anna Kournikova", there is no chance in hell that he will not open that email and click on the attachment that accompanies it :). There are plenty of such examples where people give free stuff over the internet by just asking your bank account information, now always remember every offer or scheme has a price attached to it, nothing comes for free. The price in this case is the money in your bank account or your dear ones bank account.
In my friend's case the attacker sent a form to be filled with two simple fields in it Username and Password, ( http://v2.jotform.com/form/12092347808) you can click on it and see for yourself but be careful in posting your username and password in it. If put in any bogus username and password in it you'll realize that the password is being visible in clear text. That should raise an alarm right there before you hit the submit button.
When I was growing up I used to watch WWF and Stone Cold Steve Austin was my fav and I used imitate his slogans which read "Don't Trust Anybody" DTA. Today I realize that on internet it has become so very true ;)
To learn more about what Social Engineering is have a look here: http://www.microsoft.com/protect/terms/socialengineering.aspx
The Solution:
Like I stated above Don't trust anyone on the internet. No one is interested in giving you free gifts or heavy discounts so stop believing such offers. If you do get some suspicious email from your friends or family before blindly following such emails check with that person whether he/she has actually sent you that email or that link.
We all love playing games and quizzes on facebook/orkut and other social networking sites. While facebook is courteous enough to tell you before click on any application that you're personal information will be shared but still people don't really care. There have been incidents in the past where someone got hacked because he/she was playing some online game through these social networking sites.
Friend Finder on these sites is another such resources for attackers because you reveal your personal email account information on a social networking site to let it query your friend list for your personal account. Imagine if this information gets into bad hands what will happen, that person will query your friend list for sure but not for the purpose the it is intended for. Hope you know what I mean :)Always be careful in providing your bank information over phone or on any website which is not owned directly by the Bank.
If you still manage to get yourself hacked and you come to know that the hacker is using your account to hack other people or he/she is using your personal information to post fake things about you on social networking sites or he/she is able to get to your bank account since your eamil account was linked to that account then you should report it immediately to the local/regional cyber crime department. You can never imagine what an attacker has in mind and what he/she can do with your email accounts.
Every country has their own Computer Emergency and Reponse Team (CERT), and they are more than willing to you out. Secondly, block all the accounts which were linked with your personal email account. Try reaching out to your contacts on these accounts and make them aware that your account has been hacked so if hacker tries to contact them using their account they should know that its not you who is asking for money :)Hope this information helps you in staying safe while browsing on the internet or playing online games through social networking sites.
