If a hacker can steal your passwords by installing malware that captures all the messages you type

1. Hacking of the E-mail account:-

The email account of the victim is hacked by using various tools to capture the password of the account. This can be achieved by:-

• Sending phishing emails purportedly from genuine email accounts of the email service (but actually fake). The email contains links that prompt you to visit a page for updating your password and other credentials on the pretext of some system update, data loss, technology upgrade, regulatory compliance, etc. The links direct you to a fake page where, once you enter your login ID and password, the same get stealthily stolen by the fraudsters.

• Sending you unsolicited/spam mails containing attachments that have malwares embedded in them. Once such emails are opened and attachments activated the malware gets discreetly downloaded and installed on your device. The malware could be a keylogger that captures and sends all the keyboard taps to the fraudsters, which includes your account passwords. The other possible malwares could be ones that capture screenshot or read and transmit saved passwords.

• Email accounts having 2-factor authentication can also be got hacked when users share their OTP with fraudsters after getting tricked by social engineering tools.

2. Once an email account has been hacked the criminal can misuse the account for the following purposes:-

• Sending SOS mails to all your contacts asking for money citing some emergency such as passport, wallet etc. getting stolen in a foreign country, etc.

• Sending offensive messages to your friends and relatives or asking for some ransom for not sending such offensive messages.

• Sending mails to your clients and customers asking for payment of dues/remittances in a different bank account, thus swindling with your money.

• Using the unauthorized access to your email to gain access to your other online accounts, such as other email accounts, net-banking accounts, social media accounts, etc.

Preventive Measures/Precautions

1. Use two-factor authentication. Two-factor identification requires you to enter a code sent to you in a text message or another service to access your account after you enter your user name and password. This makes it more difficult for a hacker to access your information, even if they are able to crack your password.

2. Do not open SPAM mails or e-mails sent from unknown senders. Do not click on any link sent on such mails.

3. Be cautions while opening links sent in unsolicited e-mails even if they are sent from someone in your contact-list. Such known contacts’ email account may have been compromised and thereafter used to sent malicious codes to unsuspecting contacts

4. Do not click on attractive and tempting links sent over a WhatsApp message or routine SMS. They may lead you to malicious pages and cause malware intrusion on your system/device. Hackers use social engineering to trick you in clicking the links. Don’t fall for it.

5. Keep your e-mail password long and difficult. Password should have at least 8 characters and there should be at least one upper-case, one lower-case, one numeral and one special character in your password.

6. Don’t store your passwords in your device (phone/tablet. etc). Anyone getting access (physical or remote) to your device will easily get to know your passwords.

7. Don’t disclose your password to anyone and keep changing it at regular intervals (2-4 months).

8. Always have a lock screen on your smartphone, tablet, laptop, etc protected by a PIN or password. Do not keep your device open and unattended even for a minute, esp. in public places and your workplace.

Advise for victims

1. Contact your email service provider and request them to temporarily block the account for preventing its misuses by the hacker. Support your request for blocking with documents such as ID proof, screenshots of earlier mails, Inbox etc.

2. Send email/messages to all your contacts from an alternate email account requesting and alerting them to not to respond to emails coming from the hacked email.

3. Write to all service providers where your hacked email account is given as communication address to not to entertain any request from the compromised email account without secondary manual checks with you over the recovery/alternate mode of communication.

How to make a complaint:

1. If your compromised email account has been used to send mails, then take a print-out of the alleged mail along with full headers.

2. Note: Take full header only from the first receiver’s email account (not from the forwarded ones).

3. Collect documentary evidence (e.g. screenshots, bank transaction statements, etc.) of the misuse of the hacked account.

4. Lodge a complaint at your nearest Police Station detailing the complete incident along with the above documents.

5. Save a copy of all the above mentioned documents in soft form and provide them to the Police Station Investigating Officer on a CD-R.

How can malware steal your password?

What is it called when a hacker is able to get into a system through a secret entryway in order to maintain remote access to the computer?

What type of attack can a hacker perform that involves injecting malicious code into a website?

What is it called if a hacker takes down multiple services very quickly with the help of botnets a SQL injection?