Hacking Gmail or Google is the second most searched-for kind of account hacking. Hacking into a Google account gives access not only to Gmail but also to its prominent counterparts such as Android (since one can control an Android device using a Google account), YouTube, Drive, Hangouts, etc.
People think that hacking into a Google account is easy and that all they need is a hacking tool, either online or offline, but the truth is very different. I have seen many Gmail hackers (both web based & app based) around the internet. All of them are fake and posted only with the intention of making money.
Do you think an innovative company like Google is dumb at identifying such hacking techniques against their multi-billion-dollar firm? Actually, they are very much aware of these hacking techniques through security researchers / white-hat hackers around the world, who find and report security vulnerabilities (hacking techniques or system weaknesses) to Google. Google takes the necessary action to patch the vulnerabilities and rewards the people who made a responsible disclosure to them.
Then how come a few people get their Google account password hacked when there is no hacking tool? There is no easy way to do it, but that does not mean it's impossible. Yes, there are ways to hack into a Google account, but they can easily be prevented. The following list details how hackers could hack our Google account and the corresponding prevention measures.
Please bear in mind that this article is posted for the purpose of educating people and must not be used for malicious purposes.
1 Phishing
Phishing is the most common technique used for hacking Gmail account passwords, and it has the highest success rate compared to all other Gmail password hacking methods due to its trustworthy layout and appearance. It does not need much technical knowledge to get a phishing page done, and that is why phishing is widely used for hacking Gmail passwords.
How does phishing work?
In simple words, phishing is the process of creating a duplicate copy of a reputable website's page with the intention of stealing a user's password or other sensitive information like credit card details. In our topic, that means creating a page which looks exactly like the Gmail login page but at a different URL like gooogle.com or gmaail.com or any URL that pretends to be legit. When a user lands on such a page, he/she might think it is the real Google account login page asking them to provide their username and password. So people who do not find the phishing page suspicious might enter their username and password, and that information would be sent to the hacker who created the phishing page; simultaneously, the victim would get redirected to the original Gmail page.
Example: Alex is a programmer who has a little knowledge of web technologies (the Gmail hacker in our context). He creates a login page that looks exactly like the Gmail login page, with a PHP script in the background that helps Alex receive the username and password typed into the phishing page. Alex puts that phishing page at the URL https://www.gmauil.com/money-making-tricks.html. Alex sends a message to Peter: “Hey Peter I found a way to make money online you must check this out”. Peter navigates to the link and sees a Gmail login page. As usual, Peter enters his username and password. Now Peter's username and password are sent to Alex (the background PHP does the sending) and Peter is redirected to a money-making tips page. That's all: Peter's Google account is hacked.
How can you protect yourself from Gmail phishing?
Hackers can reach you in many ways, like emails, personal messages, Facebook messages, website ads, etc. Clicking on any link in these messages could lead you to a Google account login page. Whenever you find a Google login page, you should check one thing only, and that is the URL, because nobody can spoof / use a Google URL except when there are some XSS zero-day vulnerabilities, but that's very rare.
What is the URL you see in browser address bar?
Is that really https://mail.google.com/ or https://www.gmail.com/ (the trailing slash is important since it is the only separator in Google Chrome to distinguish domain and sub-domain; check out the examples below to see the difference)?
Is there a green secure symbol (HTTPS) in the address bar?
Keeping these questions in mind would prevent you from getting hacked by phishing. Also see the examples of phishing pages below.
Some super perfect phishing pages are listed below.
Note the misleading URL – Gmail / Google Phishing Page
Most people won't suspect this page (snapshot given above) since there is an https prefix with a green secure icon and no mistake in accounts.google.com. But this is a phishing page. How? Read the URL carefully. It is https://accounts.google.com.infoknown.com, so accounts.google.com is a subdomain of infoknown.com. Google Chrome does not differentiate the sub-domain and domain, unlike Firefox.
SSL certificates (HTTPS) can be obtained from many vendors, and a few vendors give an SSL certificate free for 1 year. It is not a big deal for a novice to create a perfect phishing page like this. So beware of it.
This is a normal phishing page with some modification of the word Google.
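The URL check described in this section, written out as a small Python function (an added example, not part of the original post). The `TRUSTED` list, the function names and the two-label approximation of the registrable domain are assumptions of this sketch; a production check would use the Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: the only domains this example accepts as real Google sign-in hosts.
TRUSTED = ("google.com", "gmail.com")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return a verdict string for a URL that claims to be a Google login page."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https" or not host:
        return "reject: not https"
    # Genuine only if the host IS a trusted domain or ends with ".<trusted domain>".
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "ok"
    # Simplification: treat the last two labels as the registrable domain.
    registrable = ".".join(host.split(".")[-2:])
    for d in TRUSTED:
        # Trusted name appears as leading labels, e.g. accounts.google.com.<other domain>.
        if "." + d + "." in "." + host + ".":
            return "phish: " + d + " is only a subdomain label of " + registrable
    for d in TRUSTED:
        if edit_distance(registrable, d) <= 2:
            return "phish: lookalike of " + d
    return "unknown"

if __name__ == "__main__":
    # Sample URLs taken from the article text.
    for u in ("https://mail.google.com/",
              "https://accounts.google.com.infoknown.com",
              "https://www.gmauil.com/money-making-tricks.html",
              "https://gooogle.com/"):
        print(u, "->", classify(u))
```

The decision is made on the end of the hostname, not on whether a familiar name appears somewhere in it, which is why a valid HTTPS certificate on the lookalike host does not change the verdict.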
2 Social Engineering
This is the second most common technique for hacking Gmail accounts. Actually, this method shouldn't come under hacking, since not much knowledge is required here. I am listing this method under hacking to keep the list of the most common techniques used for Gmail account hacking in their respective order. Social engineering is basically the process of gathering information about someone whose account you need to hack: information like their date of birth, their mobile number, their boyfriend's / girlfriend's mobile number, nickname, mother's name, native place, etc.
How does social engineering work?
Security Question
Many websites have a common password reset option called Security Question. The most common security questions would be “What is your nickname?”, “What is your 10th grade score?”, “What is your native place?” or any custom question defined by the user. Obtaining this information from the respective people might let us hack into their account. Gmail too provides a security question as a password recovery option. So if anyone gets to know the answer to it, they could hack your account using the forgot password option.
Most Common and Weak Passwords
A security question does not let you get into others' Gmail accounts easily. But setting a weak password could easily allow any of your friends to hack into your account. What is a weak password in this scenario? A password which can be easily guessed by a third person is called a weak password. Below are some of the most common passwords people tend to use in Gmail.