Quantcast
Subscribe to magazine

Blogs

    Privacy Watch

  • Few things are more valuable than your personal data. Associate Editor Erik Larkin shows you how to protect it.
  • Subscribe to this blog

Set a Hacker Alarm on Your Web Mail Box

Erik Larkin, PC World

Illustration: Harry Campbell
Your Web mail account is a treasure trove of private and potentially valuable information--and thieves know it. In an online interview, one phisher claimed to make thousands of dollars every day by breaking into people's E-mail accounts and searching for messages that contain financial details.

Normally you can't tell whether you've been hacked in this way. Even if you cannily leave a juicy-sounding e-mail unread, a thief or snoop may read it and then return its status to unread. But with a little bit of know-how, you can create an electronic trip wire that will trigger whenever someone reads a rigged e-mail.

I came across the idea, which takes advantage of a free Web hit counter, in a blog post by Jeremiah Grossman of WhiteHat Security. After I talked with him, we came up with a setup that's easier than the one he originally suggested.

The gist of it is to keep an e-mail message in your account that includes the code for the counter. Opening the attachment trips the counter, thereby alerting you that someone was snooping.

Here's how to set it up:

1. Head over to OneStatFree.com and register for a free Web counter account. You can list anything for the site URL, and use a disposable e-mail address to complete the registration process (click for tips on using such e-mail accounts).

2. Look for an e-mail from OneStat sent to the address you used when you registered. It will come with an attached file named OneStatScript.txt. Save that file, and note your account number. Then delete the e-mail, which has your account details.

3. Give the .txt file a name that will catch a spy's eye, like "BankPasswords," and make it an .htm file so it opens automatically in a Web browser (and trips the counter).

4. Send the file as an e-mail attachment to the Web mail account that you want to monitor. Use a similarly baited subject line, like "Account log-ins," for the message. Just be sure not to open the file when you send it--you don't want to set off your own alarm.

5. Sit back and wait like the patient spy-catcher you are. If anyone opens your rigged attachment, the hit counter will reflect that fact and will record information about them, including the IP address of the accessing computer. To check the counter stats, just log back in to your account at OneStatFree.com.

Of course, the way to maximize your protection is to avoid keeping sensitive financial data in your Web mail in the first place. The excellent, free Stanford Password Hash browser add-on provides additional security by making it easy to use strong, unique passwords for all of your accounts.

  • Recommend this story?
  • 0 Yes
    0 No

"Set a Hacker Alarm on Your Web Mail Box" Comments

Print 50% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.

Featured APC Accessories For Your System
10% Off Entire Cart at Online Store

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

Focus on Personal Productivitysponsored by Microsoft

  • Personal Finance 2.0 These free and fee-based Web services not only aggregate data from your online bank accounts, they give you tools for managing your money.
  • High-Tech Travel Tips Plenty of stories provide advice for elite mobile professionals. But what about you, the unproductive traveler?

People who read this also read:

Privacy Watch

All PC World Blogs

  • 2007 Microsoft Office Suites Comparison This paper compares and contrasts four suites of the 2007 Microsoft Office system: Microsoft Office Standard 2007, Microsoft Office Professional Plus 2007, Microsoft Office Enterprise 2007 and Microsoft Office Ultimate 2007. This paper is intended to help organizations understand the applications and capabilities offered, and to identify the suite that best fits their needs.
  • Windows Vista Migration: The Business Proposition It's not so much a matter of "if" but "when" for most organizations regarding migration to Windows Vista. Laying the groundwork now for this migration can yield higher ROI than waiting until later. This Computerworld Technology Briefing explains it all.

Today's Special Offers