.

Email engineering

<<

W3bWarl0cK

Newbie
Newbie

Posts: 9

Joined: Wed Apr 08, 2009 1:31 am

Post Thu Jun 18, 2009 7:11 am

Email engineering

I had an idea about a way to prank my brother.

My idea was to try to get my brother to give me his facebook password, and then add rediculous applications to his account...
To do this, I was hoping to change my email account settings in Outlook to make it look like I'm sending him an email from facebook saying that it looks like his account has been hacked and that his password may have been changed. And then asking for his password to make sure the records on facebook's systems are accurate.

I managed to change the name on the email, but when I read the test mail, it went through as 'Facebook Support [w3bwarl0ck@gmail.com].
Obviously, this is a problem and it made me think, is it actually possible to fake your email address? If so, how? I changed the email address on my gmail account in outlook, and I through the only sign that the mail's fake would be in the headers...
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu Jun 18, 2009 7:17 am

Re: Email engineering

You may research mail-spoofing..

Is there any particular reason for such "pranking"? Guess you wouldn't like the idea if someone is pranking with you.

I would recommend to put your efforts somewhere else which is more useful for yourself such as learning networking basics or whatever else interests you.
<<

W3bWarl0cK

Newbie
Newbie

Posts: 9

Joined: Wed Apr 08, 2009 1:31 am

Post Thu Jun 18, 2009 8:44 am

Re: Email engineering

No real reason for the prank, just jokes between brothers...

Last time, I took a screenshot of his desktop, hid all his icons and set the background image to the screenshot I took... He was really confused, but we got a good laugh out of it...
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Thu Jun 18, 2009 8:59 am

Re: Email engineering

There are ways to spoof emails, but why not think outside the box?  Since you have physically access to the computer there are a lot more opportunities for you.  Install key logging software on his machine and just look for the password in the output.  Or find a program to read his browser settings, just in case he saved the Facebook password locally.

Either that, or you can hold him down and give him a pink belly until he gives up his password.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Jun 18, 2009 9:23 am

Re: Email engineering

That's so juvenile.  Why not just change his shell to something like, oh, a looped rickroll video.  There is also the BSODomizer.
~~~~~~~~~~~~~~
Ketchup
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Jun 18, 2009 3:37 pm

Re: Email engineering

Or if we're trying to be creative, these domains are available:

facebooksupport.org
face-book-support.com  
facebookapproval.com
face-book-security.com

Have fun... but be careful. Your brother, in continuing the prank, could call the authorities on you. Then who'd be laughing!!  :'(

Don
CISSP, MCSE, CSTA, Security+ SME
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Jun 19, 2009 12:23 am

Re: Email engineering

don wrote:Then who'd be laughing!!  :'(


I guess the authorities/ police. ;D
<<

TeknoGod

User avatar

Newbie
Newbie

Posts: 5

Joined: Thu Aug 05, 2010 2:21 am

Location: Los Angeles

Post Thu Aug 05, 2010 2:34 pm

Re: Email engineering

Im still new to this game and dont know much about anything yet. But one thing I do know is people and when someone wants to spy on his old lady.  Dont trip, we have all been there before. Try putting on your deep voice and breaking stuff when she wants to go out with her friends and leave you to flip out.
        Trust me its better in the long run to be the azz than it is to be the psycho computer stalker boyfriend.         
        If im wrong about this I apoligize but hacking your bro is only gonna get you knocked out. Plus its not that funny, try sending him an email with his profile in a fake megans list newsletter.  ;D
Help me!!!!! I need a mentor who lives in Los Angeles CA
<<

Anquilas

User avatar

Full Member
Full Member

Posts: 169

Joined: Fri Mar 19, 2010 7:50 am

Location: Belgium

Post Fri Aug 06, 2010 3:38 am

Re: Email engineering

Changing a desktop background is one thing, gaining access to his private data is another.
That's a line I wouldn't like to cross with my sis (and she with me).

Could be the start of a nice cyberwar between the two of you though, might be a good opportunity to learn.
Wargames ftw!

In any case, if you do continue, have fun. But be ready for some hard-ass retaliation coming your way. At least that would be the case with me if you were my brother :)
Twitter: https://twitter.com/dietervds
Blog: https://synquell.wordpress.com (not much there yet)

The beginning of knowledge is the discovery of something we do not understand.
<<

kerpap

User avatar

Newbie
Newbie

Posts: 8

Joined: Tue Jul 08, 2008 2:55 pm

Post Tue Aug 10, 2010 11:35 pm

Re: Email engineering

I dont condone this but I would say there is a much easier way to gain a facebook password.
create an html page that looks like the facebook login or a page that says login with your facebook account. then send a message to your brother saying, Wow you gotta check out this game! or Wow this site looks really cool!

you can easily create a page that will submit that data to your email then you have access.

the reason I say this is because this is one of the most common ways hackers gain access to social networking and or any other online account info

Phishing
<<

nytfox

User avatar

Newbie
Newbie

Posts: 20

Joined: Mon Nov 28, 2011 1:54 am

Post Tue Jan 31, 2012 7:05 am

Re: Email engineering

you can use a fake email sender. with that you can send from anyones e-mail address. and if you wanna get his password . do a MITM in the local network and grab the password .
Unlike others I love NULLS
http://treasuresec.com
<<

jinwald12

User avatar

Jr. Member
Jr. Member

Posts: 77

Joined: Thu Nov 05, 2009 5:42 pm

Post Tue Mar 06, 2012 11:15 pm

Re: Email engineering

http://emkei.cz/

my personal favorite
where did all the fun go?
<<

millwalll

Post Wed Mar 07, 2012 7:52 pm

Re: Email engineering

This is a little off topic but I purchased an item online from a major company in the uk today and got an email to confirm my order. I then saw this bit in the email

Security

We will never ask you to send any personal details via email. If we require such details, for security reasons we will ask you to contact us by phone. Should you receive an email claiming to be from blar blar requesting this kind of information, please do not respond to it but do let us know.


Am I reading this wrong but does this not leave them open to a SE attack for example please contact us asap on 0111111111 then use social engineering to get all the personal details?

Return to Social Engineering

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software