Hacking Gmail or Google is the second most searched account hacking topic in the internet next to hacking Facebook account. This article is some what similar to my previous article about Facebook password hacker.
People think that hacking in to a GMail account is easy and all they need is a hacking tool either online or offline but the truth is very different. I found many Gmail hackers are available around the internet but you know what? All of them are fake and posted only in the intention of making money.
Then how come a few people get their Gmail account password hacked when there is no hacking tool? There is no easy way to do it but it does not mean that it is impossible. Yes there are ways to hack in to a Google account. I have prepared a detailed list of how hackers could hack Gmail / Google account and it's prevention measures.
Please bear in mind that this article is posted for education purpose and must not be used for malicious purposes.
Phishing is the most common technique used for hacking Gmail account password and it has highest success rate while comparing to all other gmail password hacking methods due to its trustworthy layout and appearance. It do not need much technical knowledge to get a phishing page done and that is why phishing is widely used for hacking gmail passwords.
How phishing works?
In simple words, Phishing is a process of creating a duplicate copy of a reputed website's page in the intention of stealing user's password or other sensitive information like credit card details. In our topic, Creating a page which perfectly looks like Gmail login page but in a different URL like gooogle.com or gmaail.com or any URL that pretends to be legit. When a user lands on such a page, he/she might think that is real Gmail login page and asking them to provide their username and password. So the people who do not find phishing page suspicious might enter their username, password and the password information would be sent to the Gmail hacker who created the phishing page, simultaneously the victim would get redirected to original Gmail page.
Example : Alex is a programmer who have little knowledge in web technologies (Gmail hacker in our context). He creates a login page that perfectly looks like Gmail login page with a PHP script in background that helps alex to receive the username and password typed in the phishing page. Alex put that phishing page in a URL – https://www.gmauil.com/money-making-tricks.html. Alex sends a message to Peter "Hey Peter I found a way to make money online you must check this out https://www.gmauil.com/money-making-tricks.html". Peter navigate to the link and see a Gmail login page. As usual Peter enters his username and password. Now the username and password of Peter would be sent to Alex (that background php do that sending process) and Peter is redirected to a money making tips page https://www.gmauil.com/money-making-tricks.html. That's all Peter's Gmail account is hacked.
How could you protect yourself from Gmail phishing?
Hackers can reach you in many ways like gmail emails, personal messages, Facebook messages, Website ads etc. Clicking on any links from these messages would lead you to a Gmail login page. Whenever you find a Gmail or Google login page, you should note only one thing that is URL because nobody can spoof / use Google URL except when there are some XSS zero day vulnerabilities but that's very rare.
- What is the URL you see in browser address bar?
- Is that really https://mail.google.com/ or https://www.gmail.com/ (Trailing slash is important since it is the only separator in Google chrome to distinguish domain and sub domain. Check out the below examples to know the difference)?
- Is there a Green color secure symbol (HTTPS) provided in the address bar?
Keeping these questions in your mind would prevent you from getting hacked of phishing. Also see the below examples of phishing pages.
Some super perfect phishing pages are listed below.
Note the misleading URL – Gmail / Google Phishing Page
Most people won't suspect this page (snapshot given above) since there is https prefix with green color secure icon and no mistake in accounts.google.com. But this is a phishing page, how? Note the URL correctly. It is https://accounts.google.com.infoknown.com so accounts.google.com is a subdomain of infoknown.com. Google Chrome do not differentiate the sub-domain and domain unlike Firefox do.
SSL Certificates (HTTPS) can be obtained from many vendors, few vendors give SSL Certificate for Free for 1 year. It is not a big deal for a novice to create a perfect phishing page like this. So beware of it.
This is normal phishing page with some modification in the word Google.
This is the second most common technique of hacking Gmail accounts. Actually this method shouldn't come under Hacking since there is no much knowledge required here. I am listing this method under hacking to ensure the list of most common techniques used for Gmail account hacking in their respective order. Social engineering is basically a process of gathering information about someone whose account you need to hack. Information like date of birth, their mobile number, their boyfriend / girlfriend's mobile number, nickname, mother's name, native place etc.
How Social Engineering works?
Many websites have a common password reset option called Security Question. Most common security questions would be "What is your nickname?" , "What is your 10th grade score?" , "What is your native place?" or any custom questions defined by user. Obtaining these information from the respective people might let us hack into their account. Gmail too provides security question as password recovery option. So if anyone get to know the answer of it, they could hack your account using forgot password option.
Most Common and Weak Passwords
Hack GMail account is done against the security Question that does not let you get into others Gmail account easily. But setting a weak password could easily allow any of your friends to hack into your account. What is a weak password in this scenario? A password which can be easily guessed by a third person is called weak password. Below are some of the most common passwords people tend to use in Gmail.
Nickname / Name and Date of Birth Conjunction
Boy Friend's / Girl Friend's Mobile Number – Most of the lovers ??
Boy Friend's / Girl Friend's Name – Most of the lovers ??
Boy Friend and Girl Friend Name Combination
Unused / Old Mobile Number
Closest Person Name (can be friends too)
Now be honest and comment here if you are one of the people who have any one of the common passwords mentioned above. Don't forget to change your password before making a comment ??
How could you protect yourself from Social Engineering?
Don't have a weak or familiar security question/answer. It should be known only to you. You should always keep your recovery phone number and email updated.
Most Common and Weak Passwords
Very simple. Change your Gmail password now if you have any one of the weak passwords stated above. So be careful with GMail hack.
Hope this article make you fun!