
Set A Hacker Alarm On Your Web Mail Box


#1 SifuMike



Posted 02 August 2007 - 01:32 PM


Your Web mail account is a treasure trove of private and potentially valuable information--and thieves know it. In an online interview, one phisher claimed to make thousands of dollars every day by breaking into people's e-mail accounts and searching for messages that contain financial details.

Normally you can't tell whether you've been hacked in this way. Even if you cannily leave a juicy-sounding e-mail unread, a thief or snoop may read it and then return its status to unread. But with a little bit of know-how, you can create an electronic trip wire that will trigger whenever someone reads a rigged e-mail.

I came across the idea, which takes advantage of a free Web hit counter, in a blog post by Jeremiah Grossman of WhiteHat Security. After I talked with him, we came up with a setup that's easier than the one he originally suggested.

The gist of it is to keep an e-mail message in your account that includes the code for the counter. Opening the attachment trips the counter, thereby alerting you that someone was snooping.

Here's how to set it up:

1. Head over to OneStatFree.com and register for a free Web counter account. You can list anything for the site URL, and use a disposable e-mail address to complete the registration process (click for tips on using such e-mail accounts).

2. Look for an e-mail from OneStat sent to the address you used when you registered. It will come with an attached file named OneStatScript.txt. Save that file, and note your account number. Then delete the e-mail, which has your account details.

3. Give the .txt file a name that will catch a spy's eye, like "BankPasswords," and make it an .htm file so it opens automatically in a Web browser (and trips the counter).

4. Send the file as an e-mail attachment to the Web mail account that you want to monitor. Use a similarly baited subject line, like "Account log-ins," for the message. Just be sure not to open the file when you send it--you don't want to set off your own alarm.

5. Sit back and wait like the patient spy-catcher you are. If anyone opens your rigged attachment, the hit counter will reflect that fact and will record information about them, including the IP address of the accessing computer. To check the counter stats, just log back in to your account at OneStatFree.com.

Of course, the way to maximize your protection is to avoid keeping sensitive financial data in your Web mail in the first place. The excellent, free Stanford Password Hash browser add-on provides additional security by making it easy to use strong, unique passwords for all of your accounts.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
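
The trip wire described in the post, generalized to a counter you host yourself instead of OneStat, as an added example that is not part of the original post. It assumes a web server you control that writes Combined Log Format access logs; the host `canary.example`, the `/hit/` path, the function names and the sample log lines are all constructed for illustration.

```python
import re
import secrets
from html import escape

# Assumption: a logging endpoint you control; canary.example is a placeholder.
BEACON_BASE = "https://canary.example/hit"

def make_bait(token: str, title: str = "Account log-ins") -> str:
    """Return the HTML for the bait attachment; opening it fetches the beacon URL."""
    url = f"{BEACON_BASE}/{token}.gif"
    return (
        f"<!DOCTYPE html>\n<html><head><title>{escape(title)}</title></head>\n"
        f'<body><p>Loading...</p><img src="{escape(url)}" width="1" height="1" alt="">\n'
        "</body></html>\n"
    )

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_hits(log_lines, token, own_ips=()):
    """Return (ip, time, user_agent) for each request that fetched this token's beacon."""
    wanted = f"/hit/{token}.gif"
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line or a method we do not track
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path == wanted and m["ip"] not in own_ips:  # skip your own test opens
            hits.append((m["ip"], m["time"], m["ua"]))
    return hits

# Constructed sample data: the token and log lines below are made up.
SAMPLE_TOKEN = "3f9c1a7e5b2d4680"
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Aug/2007:13:40:11 -0700] "GET /hit/3f9c1a7e5b2d4680.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [02/Aug/2007:13:41:02 -0700] "GET /hit/ffffffffffffffff.gif HTTP/1.1" 404 0 "-" "curl/7.16"',
    '192.0.2.10 - - [02/Aug/2007:13:45:30 -0700] "GET /hit/3f9c1a7e5b2d4680.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0"',
    'garbage line',
]

if __name__ == "__main__":
    token = secrets.token_hex(8)  # one fresh token per mailbox being watched
    with open("BankPasswords.htm", "w") as fh:  # bait file name from the post
        fh.write(make_bait(token))
    for ip, when, ua in find_hits(SAMPLE_LOG, SAMPLE_TOKEN, own_ips={"192.0.2.10"}):
        print(f"ALERT: bait opened from {ip} at {when} ({ua})")
```

Using a separate random token per monitored mailbox tells you which account was opened, and the `own_ips` filter keeps an accidental open of your own from raising the alarm.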
