Government Security
Network Security Resources

Jump to content

Photo

How Hackers get ISP Accounts Without Hacking

- - - - - hacking spam
  • Please log in to reply
No replies to this topic

#1 Blake

Blake

    Former Commander In Chief

  • Retired Admin
  • 7,334 posts

Posted 28 December 2002 - 09:19 AM

There are so many ISPs out there that are so easy to hack that you don't even need bother hacking them. That is because most users don't monitor all their email screen names. All you have to do is send in a request to an ISP that you lost your email address and would like it changed to whatever address you want it changed to and they will send you a notice similar to the following:

"Dear Account holder: We have received a request to change the e-mail address associated with your account from xxxxx@xxx.com to xxxxx@xxx.com. If you initiated this request, please ignore this message. Otherwise, please click on the following URL to cancel this change."

The problem with this, as you quickly figured out when probing, is that if you don't completely monitor all of your email screen names constantly or if your email addresses are filled up full of spam and don't see it or if you ignore your email or delete that message or block it, then you won't be able to click on the cancellation button and then the ISP will send me the password to the account and I will then gain complete access.





Also tagged with one or more of these keywords: hacking, spam