Email engineering

[W3bWarl0cK]

I had an idea about a way to prank my brother.

My idea was to try to get my brother to give me his facebook password, and then add rediculous applications to his account...
To do this, I was hoping to change my email account settings in Outlook to make it look like I'm sending him an email from facebook saying that it looks like his account has been hacked and that his password may have been changed. And then asking for his password to make sure the records on facebook's systems are accurate.

I managed to change the name on the email, but when I read the test mail, it went through as 'Facebook Support [w3bwarl0ck@gmail.com].
Obviously, this is a problem and it made me think, is it actually possible to fake your email address? If so, how? I changed the email address on my gmail account in outlook, and I through the only sign that the mail's fake would be in the headers...

[UNIX]

You may research mail-spoofing..

Is there any particular reason for such "pranking"? Guess you wouldn't like the idea if someone is pranking with you.

I would recommend to put your efforts somewhere else which is more useful for yourself such as learning networking basics or whatever else interests you.

[W3bWarl0cK]

No real reason for the prank, just jokes between brothers...

Last time, I took a screenshot of his desktop, hid all his icons and set the background image to the screenshot I took... He was really confused, but we got a good laugh out of it...

[unsupported]

There are ways to spoof emails, but why not think outside the box?  Since you have physically access to the computer there are a lot more opportunities for you.  Install key logging software on his machine and just look for the password in the output.  Or find a program to read his browser settings, just in case he saved the Facebook password locally.

Either that, or you can hold him down and give him a pink belly until he gives up his password.

[Ketchup]

That's so juvenile.   Why not just change his shell to something like, oh, a looped rickroll video.   There is also the BSODomizer.

[don]

Or if we're trying to be creative, these domains are available:

facebooksupport.org
face-book-support.com  
facebookapproval.com
face-book-security.com

Have fun... but be careful. Your brother, in continuing the prank, could call the authorities on you. Then who'd be laughing!! 

Don

[UNIX]

Then who'd be laughing!!  

I guess the authorities/ police.

[TeknoGod]

Im still new to this game and dont know much about anything yet. But one thing I do know is people and when someone wants to spy on his old lady.  Dont trip, we have all been there before. Try putting on your deep voice and breaking stuff when she wants to go out with her friends and leave you to flip out.
        Trust me its better in the long run to be the azz than it is to be the psycho computer stalker boyfriend.         
         If im wrong about this I apoligize but hacking your bro is only gonna get you knocked out. Plus its not that funny, try sending him an email with his profile in a fake megans list newsletter. 

[Synquell]

Changing a desktop background is one thing, gaining access to his private data is another.
That's a line I wouldn't like to cross with my sis (and she with me).

Could be the start of a nice cyberwar between the two of you though, might be a good opportunity to learn.
Wargames ftw!

In any case, if you do continue, have fun. But be ready for some hard-ass retaliation coming your way. At least that would be the case with me if you were my brother

[kerpap]

I dont condone this but I would say there is a much easier way to gain a facebook password.
create an html page that looks like the facebook login or a page that says login with your facebook account. then send a message to your brother saying, Wow you gotta check out this game! or Wow this site looks really cool!

you can easily create a page that will submit that data to your email then you have access.

the reason I say this is because this is one of the most common ways hackers gain access to social networking and or any other online account info

Phishing

[nytfox]

you can use a fake email sender. with that you can send from anyones e-mail address. and if you wanna get his password . do a MITM in the local network and grab the password .

[jinwald12]

http://emkei.cz/

my personal favorite

[millwalll]

This is a little off topic but I purchased an item online from a major company in the uk today and got an email to confirm my order. I then saw this bit in the email

Security

We will never ask you to send any personal details via email. If we require such details, for security reasons we will ask you to contact us by phone. Should you receive an email claiming to be from blar blar requesting this kind of information, please do not respond to it but do let us know.

Am I reading this wrong but does this not leave them open to a SE attack for example please contact us asap on 0111111111 then use social engineering to get all the personal details?