LCI Learning

Share on Facebook

Share on Twitter

Share on LinkedIn

Share on Email

Share More

Shonee Kapoor (Legal Evangelist - TRIPAKSHA)     20 September 2011

Attempt to hack accounts, where/ how to lodge a complaint

Hi Friends,


Once sometime back, my email account was hacked. Hence I am more guarded now.

There are some other phishing attacks on my comp. Also some silly guy has requested my details over email (Which is very basic).

I have serious doubts about this person, who could be doing it.

I also have few IP addresses from where these mails etc are originating.

Does anyone know where/ how to complain about the same, as to the best of my knowledge, the repeated attempts means, they have not been able to hack my email account as yet.

Regards,

Shonee Kapoor
harassed.by.498a@gmail.com


Learning

 10 Replies

Raj Kumar Makkad (Adv P & H High Court Chandigarh)     20 September 2011

It is very wrong that your account had been hacked and still such nonsense efforts are going on. You may conact to Admin for this purpose. Tell me what help can be done on my part.

Sameer12345 (SSE)     20 September 2011

Hello Shoneeji,

You can get the address of the person with the help of ip address.

https://wq.apnic.net/apnic-bin/whois.pl

Let me know if you know further help.

Regards,

Sameer

Rohit Shukla (Engineer)     20 September 2011

Hi Shonee Sir,

Please find the link below, I wish it helps you out on all the above queries.

https://indiacyberlab.in/cybercrimes/whattodo.htm

BTW, you know me if you remember, we have met twice in patiala house complex (The Ex Fauzi guy) :)

Regards,

Rohit

Democratic Indian (n/a)     20 September 2011

Once sometime back, my email account was hacked.

Some common sense precautions practically help all the way to prevent all this. Keep your PC clean of any virus or spyware. Do not login using a plain text connection. In the browser's address bar ensure that instead of http it is https. It will ensure that your username/password and all data while in transit between your browser and webserver is encrypted.

 

Gmail and Hotmail allow the option to use https for your entire login session. Yahoo allows https option for usernname/password only. If the connection is in plain text, even a kid can pick up your data packets and read using a packet anyalyser. Example of Packet Analyser is https://www.wireshark.org/ You can read more about packet analyser at https://en.wikipedia.org/wiki/Packet_analyzer

 

If do not encrypt your connection, you are unnecessarily giving invitation to get your email account hacked or data snooped by anyone in your LAN on the wire or wireless, or anyone having access to any of the routers used in the path for your data packet transmit through the internet.

 

Besides this take common sense precautions of not easily guessable passwords or sharing passwords etc.

 

There are some other phishing attacks on my comp

Neither you or any Cyber Cell in the world or anybody can control the behaviour of every user in the entire internet around the world. Simple solution is to take effective preventive measures at your end. Keep your PC clean of viruses, spyware etc. and tighten the security settings. Preferably use browser like Firefox with Noscriptt.

If you are using NT based Windows OS, do not login with Adminstrator account for daily normal work including internet browsing. Instead use only restricted user account for daily normal work including internet browsing. It will ensure that if any virus/spyware/hacker is successful, will only get restricted privileges of the restricted user account you are logged in with and not get the elevated privileges of an Adminstrator account. Use Adminstrator account only for PC/OS maintance purposes only.

If you are using NTFS filesystem, you may remove Execute permission for your user profile. This will ensure that you will not by any mistake run any executable file containing any virus/spyware or malicious code, also any virus/spyware/hacker will not be able to execute any executable file in your Windows login account.

 

I also have few IP addresses from where these mails etc are originating.

IP address is not a conclusive proof that email was actually sent from that IP address. IP addresses can be spoofed very easily in emails. Also computer of somebody else can be hijacked quietly to send emails remotely.

Shonee Kapoor (Legal Evangelist - TRIPAKSHA)     21 September 2011

Thanks to all of you for the advises.

 

Regards,

 

Shonee Kapoor

harassed.by.498a@gmail.com

StrictlyDivorce (.)     21 September 2011

Shonee,

IP addresses can be spoofed and /or proxy IP address can be used to hack account making it difficult for tracking. However with experts they can be tracked.

Would recommend changing your password to a more secure password immediately and also your security questions. I normally recommend changing passwords every month at the least.

You can file a complaint with the cyber crime division with proof that attempts have been made to hack your account. Also you can send a mail to the mail providers notifying them of the attempts.

With gmail you have a feature that shows IP address of where login has happened and you can use that to make sure no one else has been able to login without your knowledge.

Also make sure someone has not set up email forwarding on your account as that allows all incoming mail to be sent to that user as well without having to login.

 

Hope this helps

 

SD

A1981 (abc)     22 September 2011

Hi Sonee Ji,

I am a research engineer (Security Domain).

 

Let me assure if you are using GOOGLE or any other account. It is not possible to hack any Gamil account remotely given assistance of experts and capacity more than normal.

It requires huge investment of both time and money (Not worth hacking single GMAIL account) untill you disclose. Google is investing money more than we can even think of just to insure that secuirty is not compromised.


Even if you feel insecure, Just make sure that Your pwd  - 

1. 10 Characters long

2. Alphnumeric (Mix of capitals and small)

3. Contains special characters

Even if someone breaks, let me tell you he will file patent very next moment 


Democratic Indian (n/a)     22 September 2011

Yes rightly said by A1981. I would like to add the following:


Social engineering is very common thing. Many people use the same password for everything. Just discover password for an unimportant account and gain access to all other accounts.


Passwords used in online public forums if not stored securely encrypted, can be seen by anyone having admin rights in these forums or the server machine, they also have your email address. If you are using the same password for logging in to the public forum and to your email address, anyone having the admin rights to the public forum or the server machine has all the ingredients required to login to your email address. You can see that in this scenario, no amount of technology or money spent by email provider can help prevent unauthourised access to your email account.


Most email service providers have a password recovery system. If the person interested to compromise your email account, knows you at a "stalking" level he would be able to compromise your email accounts. It is one of the most common exploits to compromise e-mail accounts. This cannot be called "hacking" in true sense from computer science perspective.


Example: For the security question to recover your password you have chosen the question as "What is your city of birth?" or "What is your vehicle registration number?". Anybody who knows these answers can click on the link to "recover password" and answer the security question will be able to get or change your password and access your account. But gmail has taken an additional step that your password will be sent to your another email(hopefully that is not already compromised!) or your mobile phone.


Lack of physical security can also create oppurtunities for getting email account compromised. Never store login credentials where someone else can access them. Always logout properly from email(you don't want to leave an open session for someone else) and clear the internet cache if you are using a machine to which others have access.


As already mentioned in my previous post, like keep your PC clean of malicious programs etc. can never be stressed more. If you know how to harden your operating system, nothing like it. You may also try running some security software like Nessus(https://en.wikipedia.org/wiki/Nessus_%28software%29) to access the vulnerability of your OS.

Nadeem Qureshi (Advocate/ nadeemqureshi1@gmail.com)     22 September 2011

 

 
  How to report a Cyber Crime  


Filing a complaint/ Writing an application letter.

What details will I be asked to include in my complaint?

You may need to provide the following possible information, along with an application letter addressing the head of cyber crime investigation cell when filing a complaint:

  • Your name,
  • Your mailing address,
  • Your telephone number,
  • Specific details on how the offence was committed, along with the names and addresses of suspects and any other relevant information necessary.

kartikeya (lawyer/cyber law consultant/cyber crime investigator)     22 September 2011

you can contact nearest cyber cell in your city or local police station if you want to lodge a complain. for all your quaries just simple answer .. don't click on unnecessary link on social networking websites or  in your E-mail enen if it appears from your relative or friend as if they are infected of any kind of linkjacking you will also get affected. keep your pc/laptop/mobile updated with antivirus/security software. and lastly stop surfing unnecessary sites .


Leave a reply

Your are not logged in . Please login to post replies

Click here to Login / Register