Hackers are becoming smart enough to atmost extent and it has been stated earlier that cheating the computer is very difficult whereas cheating the human who is using the computer is very easy. Recently a new way of #Hacking Gmail has been revealed.
Hackers around the world works towards the same goal that is to steal other's details or to compromise other's privacy. Israel hackers are now following an entirely new way of stealing Gmail credentials.
Actually many will suggest the best way to secure the account is to enable the two factor authentication technique in which the code will be sent to the registered mobile number. But that too can be compromised according to the new technique.
Let's have a look at the attack. The attacker will send a fake message pretending to be from Gmail or Google account and will state that suspicious login detected password reset needed.
If the user is in hurry or little careless then he / she will click the specially crafted password reset link available in the message which is purely fake. On clicking the link the user will be prompted to type the old password.
While he enters the old (Existing) password the password will be sent to the attacker and he tries to login at the same time when the victim is typing new password. After that the code will be sent to the victim's phone.
Victim considering the code to be entered in the last box enters the code and press submit. Thats it the attacker got the current session's code and the password. The same technique is also applicable to Automated call for verification.
This is the new technique that has been followed these days and the users are recommended not to click on any untrusted website and provide credentials.
P.S : The post is to create awareness and not to be misused.
No comments:
Post a Comment