Acid Burn

Here I shall give in details on how to hack email IDs using fake login screens. This method can be used for most of the mail servers which includes rediff, yahoo, indiatimes, hotmail and webmails etc.

Step By Step Method

Step 1:

Save the yahoo login page in the local disc and modify the following

and

Insert a fake session expired string displaying "Your Login Session Has Expired. Please ReLogin". View "Screenshot 1" for details. Save the page and send to victim's email ID in attachment (the attachment should go as html).

The victim when tries to view the hacker's mail, it will open somthing like "Screenshot 1". It is a fake yahoo login screen which displays the fake session expire message.

Note: The text showing "Put Here The Link Of Any Open Relay SMTP" should be the "dll" link which processes the Mail send and Mail receive. Don't expect such link from me, I cannot give you such link. Take pains to find it on your own.

Screenshot1: Fake Session Expire Message

Step 2:

The victim may think that the session has expired and will try re-login. Once the victim enters the user ID and password, the information will be sent to the hacker's email ID. Refer to Screenshot 3 where the hacker receives the victim's password.

Screenshot 2: Victims enters the password

Step 3:

The victim's information is routed through the smtp link given by the hacker. This mail will appear to come from that smtp server for which the link has been provided in the fake script.

Screenshot 3: Hacker received the password of the victim

Countermeasures