Man
Professional
- Messages
- 3,085
- Reaction score
- 623
- Points
- 113
1. Look for ANY accounts associated with the email in the inbox.
This step involves searching the email inbox for any information related to online accounts. We use this as a starting point to gather information about the victim once we accessed email. Also we can search for attachments like bills, driver license, statements.
2. Go to the website of the accounts, go to log in page, throw in the email of the log and click on forgot password.
We use email to initiate the password reset process. Why we do this? To gain control of the account by exploiting the password recovery mechanism.
3. Check the log for the change password link. Click the link and change that shit.
After initiating the password reset, we check the email inbox for the password reset link sent by the website. We click on it to change the account password and gain unauthorized access.
4. Now you should be in the account. Check for linked cards or banks. If you there is some you are in BUSINESS!
Once we gained access to the account, we look for linked financial information, such as credit cards or bank accounts. This information can be used for transactions.
5. WIPE the account down with any method that you know.
Rinse and repeat with any other accounts you find in that log.
This method will and has always worked and is one of the easiest when it comes to account takeovers. Email logs are easy to get, find, or buy, and you can get thousands of them for the low.
Best ones in our opinion are Yahoo and Outlook. Mostly older people use them shits and are not very tech-savvy, so you won't have to worry most of the time about 2FA.
Gmails are instant goldmines since people usually associate everything with their Google account, including all the devices that they use, but are much harder to get into because Google's security is Trump tight.
Best way to get into a Gmail is by using a RAT (remote access terminal) to takeover someone's mobile device or PC. At that point, you will be using their sh*t remotely like you actually have the device in your possession.
This step involves searching the email inbox for any information related to online accounts. We use this as a starting point to gather information about the victim once we accessed email. Also we can search for attachments like bills, driver license, statements.
2. Go to the website of the accounts, go to log in page, throw in the email of the log and click on forgot password.
We use email to initiate the password reset process. Why we do this? To gain control of the account by exploiting the password recovery mechanism.
3. Check the log for the change password link. Click the link and change that shit.
After initiating the password reset, we check the email inbox for the password reset link sent by the website. We click on it to change the account password and gain unauthorized access.
4. Now you should be in the account. Check for linked cards or banks. If you there is some you are in BUSINESS!
Once we gained access to the account, we look for linked financial information, such as credit cards or bank accounts. This information can be used for transactions.
5. WIPE the account down with any method that you know.
Rinse and repeat with any other accounts you find in that log.
This method will and has always worked and is one of the easiest when it comes to account takeovers. Email logs are easy to get, find, or buy, and you can get thousands of them for the low.
Best ones in our opinion are Yahoo and Outlook. Mostly older people use them shits and are not very tech-savvy, so you won't have to worry most of the time about 2FA.
Gmails are instant goldmines since people usually associate everything with their Google account, including all the devices that they use, but are much harder to get into because Google's security is Trump tight.
Best way to get into a Gmail is by using a RAT (remote access terminal) to takeover someone's mobile device or PC. At that point, you will be using their sh*t remotely like you actually have the device in your possession.
