E-mail account cracking is indeed one of the most exciting and sought after
attacks through the internet, though many industry veterans consider such
attacks merely lame. Although there is no particular guaranteed method
of breaking into a victim's e-mail account, there are definitely a few different
techniques the are commonly used by attackers, namely:
1) Password guessing
2) Dictionary based attacks
3) Brute Force attacks
4) Forgot Password cracking
5) Phishing attacks
Password guessing:
The most common method of password cracking is guessing.
Although it requires a lot of luck, it can be successful sometime. To start to guess
the password, you first need to gather all kinds of information about victim.
like phone number, birthday, parents names, girlfriend's name, pet's name etc.
Some of the most common password that an attacker usually guesses are:
1) Loved one's name + Birthday/Phone number.
For example, sneha010489
2) Victim's own name + Birthday/Phone number.
For example, danish015831
Dictionary based attacks:
Dictionary based password cracker try out all passwords from a given predefined
dictionary list. These are faster but more often than not are unsuccessful and do
not return the password. As they do not try out all combinations of possible keys,
they are unable to crack password which have symbols or numbers in between.
Brute Force attacks:
A password attack that does not attempt to decrypt any information but continue to try different passwords. For example, abrute-force attack may have a dictionary of all words or a listing of commonly used passwords. To gain access to the account using a brute-force attack, the program would try all the available words it has to gain access to the account. Another brute-force attack is a program that runs through all letters or letters and numbers until it gets a match.
Although a brute-force attack may be able to gain access to an account eventually, these attacks can take several hours, days, months, and even years to run. The amount of time it takes to complete these attacks is dependent on how complicated the password is.
Forgot Password cracking:
The forgot password attack can definitely be labelled as an extension to the
password guessing attack. All email service providers have an option that
allows users to reset or retrieve their email account password by simply
answering a few predefined question.
For example , Yahoo require users to enter only their birthday, zip code
and country to reset the email account password. This information is so
public that so many people can have access to it and can easily reset the
victim's email account password.
Phishing attacks:
click here
