How to hack mailbox : New Method
By Prempal Singh
Israeli researchers have described a new method of attack called PRMitM (Password Reset Man-in- the-Middle), which allows to initiate a password reset e-mail from the user when registering on another site.
PRMitM involves the use of methods of social engineering, because the attacker will need to convince potential victims to register an account on a specially created website.
When a user enters their username or email address in the registration form online intruders, resource then sends this information to the victim’s page on Google, Yandex and Yahoo! for initializing the password reset process. If service requests execution of additional actions, such as entering CAPTCHA, the answer to the secret question and enter the verification code sent to the SMS-message, the attacker completes the registration form corresponding items.
PRMitM effective only against accounts in the e-mail services. As explained by experts, the majority of web-sites to send a link to reset your password in e-mails, whereas e-mail services use other techniques such as the already mentioned CAPTCHA tests, answers to security questions and verification codes.
The success of the attack depends mainly on care users, the researchers note. For example, during testing of a new method, many users have made in the form of registration, all required information without even knowing that someone is trying to hack into their account. Moreover, when receiving SMS-messages with the code verification, most users do not even bother to read the notice in full, which could prevent account hacking. Some services, such as Twitter or Facebook, indicated in the SMS-messages, for what purpose is the code (password reset, registration, etc.).
To counter such attacks in the future, the researchers recommend the services of a number of measures, including to send links to reset passwords in the SMS-messages, if they do not engage in the sending of such links in emails. After receiving such a message when registering at another site, the user will understand that there is something suspicious, believe researchers.