Are you Sure your Email isn’t being Hacked?

[…] set up an “electronic tripwire” so if someone breaks into your account, you’ll know about it.read more | digg story Bookmark This Post Hide […]

Very nice use of onestat Mark. I will definitely try this on my email account.

Wow! Very nice tips! I never realize people can hack our email easily, and honestly I dont care about it. Since I’m using Gmail, I think it 100% safe. We trust Google, do we? I’ll definitely try this out. Hope the One Stat dont get hack later on..

Correct URL for OneStat free hit counter should be:

http://www.onestatfree.com/

one way to secure your emails is Pretty Good Privacy. You can encrypt the mail you are sending and also put a signature on them.

No cracker will phish them on their way and your signature validates your identity.

This is surely a grate piece of tips that should try everyone, I think. Thanks for sharing this new idea.

That seems like a lot of work. If you have any concerns that the account has been compromised why not just change the password and be done with it?

sounds like an a good idea, i have to try this out!

Mark:

Although this may function to reveal someone snooping your inbox; it is not going to catch someone who is definitely intelligent enough not to be caught. To be completely honest, especially as an individual with a background in security; it would not be executed. The file would be edited initially through vi, notepad, or any other text-based editor to reveal its contents prior to any execution.

This prevents people from having things exposed. However, using this psychology against hackers is entertaining because it is the same psychology that is used against their targets and victims.

Decent write-up but I don’t think it is going to stop anyone from doing anything; especially if they know what they’re doing.

Like Justin said, this doesn’t seem to be helpful against hackers…

Rather, IMHO, I think this is better suited for catching your roommate/spouse/siblings/parents checking your e-mail rather than expecting to catch a hacker.

I know you say its not meant to be foolproof, Mark, but it still gives false hope… and false hope that your account has not been taken over is the very thing your system is supposed to fix =P.

Looks like the original article was written by Erik Larkin at Network World:
http://www.networkworld.com/news/2007/072607-set-a-hacker-alarm-on.html?zb&rc=sec_services

Or use a embedded counter image on a seperate website as a counter. And save a normal HTML mail without any a attachment that might not be opened. And hope the email gets openend with auto download www images on.

This is pretty lame. You have to check *every single day* just on the offchance that somene has not only hacked your account, but taken the bait. That’s a lot of negatives, and probably some false negatives. It seems to rely on someone being smart enough to figure out your password, but dumb enough to think that your “passwordlist” is going to be stored on some external site with no password. Uh…

I can think of security measures that would work (eg, an innocuous looking image or something that you must click within 5 seconds of logging in or trigger a password-changing alert), but they’d have to be built into the email software.

Steve

This would never work.

A savvy techie would open an unknown html doc in a
text editor first.

It’s a nice and elegant method, but as mentioned above has holes and weeknesses.

I think it just supports the point that if your email box is at all sensitive (passwords, accounts, etc) you should be changing your password once a month at the very least.

Ben

Another thing you can do, especially if you are using Gmail is go into the .txt file, search for “fraud click” and change it to something else (because in the gmail message and if you open the html file in gmail it shows the alt text and link text in the message summary. (there are two instances of “fraud click” in the script.

This is all ultimately worthless. The real issue; if your email service is compromised comes down to good old user-prevention. Create strong passwords, change modestly strong passwords (less than 7 characters,) regularly. Do not save passwords in your browser, text files, or on post it notes under your mouse pad!

Scan regularly, keep your computer tidy — fundamental elements that should all be followed prior to even feeling safe on a computer. Prevention is key to successfully maintaining your identity, online or off-line.

Stay ahead; be proactive!

Sometimes I get into my ex-girlfriend´s mail account to read her emails, I didn’t hack it, I have always known the password because I created the account and she never thought to change the password even after our breakup.
I read it then I always mark the email as unread.
Yeah I´m a bastard but I cant get over her.
http://www.spymac.com/details/?2146727

Although I haven’t personally used this service, there are only two “effective” ways to count a hit on an email. The first is if a small image, usually a 1×1 pixel image, is embedded in the page and is hosted by the counter service website OR for there to be a script that is fired off when the page is opened…again, hosted from the counter service website. The trouble is that most email browsers have a “click here to download images”. Only if the user grants permissions to download images will anything besides cleartext be displayed, rendering the hit-counter inoperable. A smart hacker would not likely click to download images. But you’re roommate - you’d probably catch them without much trouble

For GMail users it would be better to embed the counter HTML/image or whatever, directly into an e-mail so it is opened when the e-mail is viewed. GMail users will have to click “Always Display Images for xxx@xxx.com” to ensure that it will be accessed. People with their own domains can set up their own snazzy traps, to avoid using third-party stuff. For example Apache with MultiViews enabled in the .htaccess will allow such a thing as tracker.gif.php that will be accessible as tracker.gif, when accessed you could write the data to a log file, or send an e-mail to your phone. Snazzy indeed.

I’m gonna go make my own right this second.

Greate idea.

I’ve just try it out. Hope nobody have stole my gmail account. It’s terrible.

[…] (via makeuseof.com) […]

[…] Recently one of my friends got his mail box hacked and i know the pain! So just check out the preventive steps on being safe. Always prevention is better than cure! Posted under Tips n Tactics […]

PC World had something on this a while ago; I subscribe to it.

great! i just did this.

if the hacker blocks his pc’s outbound connection to http://www.onestatfree.com?

haha, very nice trap!

This is exactly the one security feature I wish google had (but my idea was slightly different)…

Knowing a lot about web security vulnerabilities this has always made me very leary about using email anywhere but my own home and even then a bit worried someone could attempt to hack or crack into my account.

My idea for Google email which I DID recommend to them is that they simply put a last login time or last accessed time. Simple yet very effective but until then this method will have to do and is a great idea. Only one downside about my method is that if a Google employee were to log into your email account and snoop around they could simply reset the last login time back. So in a way this is more secure against Google but then again Google could simply download your email as a text only file and circumvent the HTML from being loaded

Why doesn’t gmail just show the IP/ISP and time of the last login. If it’s not your IP or at the wrong time you’ve been hacked. Some linux distros already show this info when you login via terminal.

The only way round this is for the hacker to access the account from your connection at the same time you do. Not many hackers will go to these lengths.

I will try these suggestions. Thanks for this.

How about being a little alert so that your account don’t get hacked in the first place?

.

If you account is hacked, 99% of the time you are fault.

Nice tip =)

I’ll have to try this one.

[…] Source [Make use of] […]

@Dave

My online bank account does the same. It shows the last time you logged in and the IP address.

I have submitted feedback to Gmail through their Help > Feedback. If everyone reading this, does the same, Gmail should pick it up soon I hope.

A friend of my wife had the same problem with an ex-lover stalking here. He had placed a key logger program. That friend is blond, so she didn’t know how to remove it This guy went quite crazy, even stalking here father etc.

Would never work if the guy has half a brain… Why would you execute a file called passwords.htm? No one stores their passwords in an HTML file, if you’re that new where your passwords are stored in a single file; you probably don’t know how to create an HTML file.

The best way to protect your email account is good and simple; change the password often, and check your settings… make sure no one setup all your messages to be forwarded somewhere else.

How is that an “electronic tripwire”?

For starters, the indicated method doesn’t tell you IF your email account has been hacked UNLESS this “honeypot-sounding” file accessed online; a dedicated “cracker” (not “hacker”) would surely download it to desktop/ inspect first offline. Clearly, it assumes that all crackers are utter morons, unable to see through such gee-advanced plot, such as this one of yours.

There are social engineering and technological methods to detect mail intrusion without giving the game away, but nowhere near this simplistic, and this is not the forum to disclose them, thus educating wannabe-crackers.

I store my password on PassPack. It is a great solution, in my opinion. I love 1click auto-login

Will this trick tell me if FISA is reading my mail?

Here are two freeware programs that can also protect your email and all your passwords.

PointCrypt can be used to quickly encrypt any emails you send between other people you know. You only have to make two clicks to encrypt and decrypt the email contents. Strong BlowFish 64 encryption.

http://shareware.pcmag.com/product.php%5Bid%5D91868%5Bcid%5D253%5BSiteID%5Dpcmag

Screen Saver Override has several features within, one allows for you to type in a simple password that you can always remember, then highlight it, and then press a function key (F8, etc). The password will be converted to a complex string from 8 to 32 characters long (you choose the length). This hard password then replaces the simple password where upon you can simply hit enter.

http://shareware.pcmag.com/product.php%5Bid%5D91932%5BSiteID%5Dpcmag

Also can search: Gulf Coastal Software
at: http://www.simtel.net

[…] Are you Sure your Email isn’t being Hacked? | MakeUseOf.com (tags: security hacks email howto internet gmail hack hacking **) […]

http://www.gnupg.org

If your going to use any e-mail program… encrypt everything.
Especially if your going to use a “free” e-mail such as google’s gmail.
These people think they can snoop your mail and create a database on even the mundane contents.

They do this for marketing profits and to try to “make you a better webuser/consumer”. Their aim is to change how you use the web and what you see and find easily.

I say encrypt everything! Today no one should be communicating without using free public key encryption!

[…] Fonte: MakeUseOf […]

A far superior method is to use http://linkblip.com/
Free, automatic email notification.
Hide the linkblip url using another url shortening service eg. snurl.com if you want.

http://wantadance.blogspot.com

[…] Fonte: MakeUseOf […]

[…] Trick: Wie man mit einem Online-Counter herausfindet, ob der eigene E-Mail-Account gehackt […]

hello, nice blog u got here……really interesting softwares and stuff
could you tell me the code of those big digg and twit,etc buttons at the end of ur every post….i mean its really cool….please can u tell me…pretty please….

[…] Are you Sure your Email isn’t being Hacked? | MakeUseOf.com (tags: HowTo Privacy Security Tech) […]

[…] Are you Sure your Email isn’t being Hacked? | MakeUseOf.com (tags: security email hacks howto internet gmail hack hacking) […]

this will not work unless the guy reading your mail is a dumb-ass….

real identity thiefs don’t use ms-crapware and won’t let you get a hint from where they logged in, and if they do, they are using proxies or anonymizers…

kind regards,

mrjack

[…] Filed under: IT Helpdesk — o m i e @ 9:48 am Tags: email security Is somebody hacking your email account without even you knowing it? Read how you might be able to detect this invisible […]

[…] Are you Sure your Email isn’t being Hacked? | MakeUseOf.com (tags: email hack privacy tools test) von del.icio.us | del.icio.us | trackback | rss feed […]

[…] but if you’re still not feeling safe, this is a decent trick for finding out for sure. Are you Sure your Email isn’t being Hacked? […]

[…] { February 23, 2008 @ 6:19 am } · { HackinTenz } { Tags: Software Update } 1. Monitor you Email - If it been hack or Not? This webpage allow you to specs and monitor you accessing email which what you can see incoming or outgoing email happen in the server. You also can log the access system which monitor the log file of access to the email account. I try this and it seems good to look sometimes on your email. Click Here […]

[…] read more | digg story […]

[…] “Are you Sure your Email isn’t being hacked?” outlines a clever ploy for trapping anyone who is covertly spying on your e-mail. The article lays out the details of e-mailing a hit counter to yourself disguised as something enticing, such as a list of passwords. If someone reads this booby-trapped e-mail, the hit counter records the date, time, location, IP address, referrer, and ISP. […]

est il availible en Francais, my English not good

[…] as private and important as their email have become compromised. MakeUseOf has created a guide to making digital ‘tripwires’ so you’ll know if you have been […]

[…] as private and important as their email have become compromised. MakeUseOf has created a guide to making digital ‘tripwires’ so you’ll know if you have been […]

February 14th, 2006 at 9: 53 am Feedblitz seemed to be the best I could find (feedburner integration is a bonus). With the paid version I don’ t get the heavy orange branding Mike speaks of, but I’ ve always wanted more in relation to the frequency. I want a console that allows me to do scheduling. More importantly, I want to check off which articles to include in the mailout. Email fatigue sets in quickly and blasting off every single post is a sure fire way to keep your churn rate high. The other question…