Top 7 steps to hack into someone’s bank account within 60 minutes without being caught.
The Lab experiment:
Herbert Thompson* in 2008 wanted to show the public how easy it was to access someone’s personal information and bank account.
He did the experiment on someone who he barely knew, a girl named mercy peters. Using the knowledge he knew about her, her name, where she was from, where she worked and roughly her age, he was able to access her bank account in ONLY 7 STEPS Highlighted below!!!
Read below to see how he did it – in the early days before Facebook!
>>Do You Want To Receive Update As Soon As We Publish? join our Telegram Channel stay updated with the latest headlines--CLICK HERE
Google search. He googles her. Finds a blog and a resume. (Thompson called her blog a “goldmine.”) He gets information about grandparents, pets, and hometown. Most importantly he gets her college email address and current Gmail address.
Next stop: Password recovery feature on her bank’s web site. He attempts to reset her bank password. The bank sends a reset link to her email, which he does not have access to. He needs to get access to her Gmail.
Gmail access. He attempts to reset her Gmail password but Gmail sends this to her college email address. Gmail tells you this address’ domain (at least it did in 2008 when Thompson conducted the experiments) so he knew he had to get access to that specific address.
College email account page. Thompson clicks the “forgot password” link on this page and winds up facing a few questions. Home address, home zip code and home country? No problem, Thompson has it all from the same resume. The same resume found from the simple Google search done earlier. Then came a stumbling block: the college wanted her birthday. But he only had a rough idea of her age, no actual birth date.
State traffic court web site. Apparently, you can search for violations and court appearances by name! And such records include a birth date. (Facebook also makes this piece of data very easy to get even if people do not note their birth year… Remember Thompson knew roughly how old Kim was.) But he had no luck with the Department of Motor Vehicles.
Thompson goes back to the blog and does a search for “birthday.” He gets a date but no year.
Finally, Thompson attempts the college reset password again. He fills in her birth date, and simply guesses the year. He gets it wrong. But the site gives him five chances, and tells him which field has the error. So he continues to guess. He gets access in under five guesses. He changes her college password.
This gives him access to her Gmail password reset email. Google requires some personal information which he is able to get easily from her blog (e.g., father’s middle name.) Thompson changes the Gmail password and that gives him access to the bank account reset password email.
Here again he is asked for personal information, but nothing that he could not glean from Kim’s blog (e.g., pet name and phone number.) He resets the bank password and bingo, has immediate access to all her records and money.
ADVISE AND NOTE TO TAKE HOME;
Although the blessings of social media is extremely remarkable. However, precautions must be taken when sharing personal data, photos, more personal details about yourself on social media platforms like Facebook, twitter and Instagram.
Such hack should/might have been attempted on your account and sadly, if your bank account is vulnerable you will be kissing good bye to all your hard earned monies.
We have covered lots of topics here, ranging from Fake bank account apps to Confirmed Ways to Create and Do Fake Bank Alerts In Nigeria and even fake check scams. All are strictly for educational purpose.
Disclaimer: This post is strictly meant for educational purposes only. To help ignorant people not to fall victim to online scammers. However, if you choose to use the tips from this post for other activities, you’re solely responsible for the consequences. CCNWORLDTECH will not be held responsible for anyone’s action.
1.Mobile Banking Trojans.
- How to hack a bank account using Mobile Banking Trojans.
When you download and install them, they will start scanning for banking app on your phone, when it detects a banking app, the malware quickly puts up a window that looks identical to the app you just booted, if this is done smoothly, the user won’t notice any swap and will enter his/her login details, which the app will send to the malware author.
- How To Prevent Mobile Banking Trojans
Phishing simply involves creating a dummy website, like a clone of a popular website such as Facebook or a shopping site like Jumia. In this method, the hacker creates a website, typically an E-commerce Website, since he hopes to collect bank details. Then promotes the website through social media to get users. He might even reduce the price of the items in the shopping cart to get people to purchase. During the payment, the transaction is not secure, thus leading to the site administrator having access to the raw card details through the backend of the website.
The hacker collects as many card details as possible. The details to collect is the card number, name expiring date, and the CVV code. The hacker then uses the card details he has collected to make purchases online through the person’s account. Some Nigerian banks have a 2 step authentication process where they send an OTP to the registered number to verify the transaction. In this case, the card is not useful to the attacker. However, if you use the card to buy stuff from sites outside Nigeria (ie payment in foreign Currencies), it bypasses the OTP authentication.
Tools needed to achieve this.
- Laptop with an internet connection
- A website or a web developer as the case may be
- Domain name and web hosting plan
Keylogging involves sending a Trojan horse to the target computer usually through an email or a push notification. The Trojan is installed in the person’s computer and relations undetected. The aim is to track activities on the keyboard. Let’s set the person who wants to make an online purchase.
He will enter his card details and login credentials which will be sent to the attacker via notification to a remote system. The information from this Trojan horse can be used directly to login to the victims’ accounts on virtually all platforms including their internet banking platform.
The attacker simply transfers the money from the amount to an account, usually to PayPal or through paystack, since there’s an end to end encryption. It will be difficult to track the transaction.
This method is very effective but requires knowledge of some technical stuff such as hacking. But the attacker can simply outsource the services of a hacker to develop the malware for them.
At some point in time a lot of us have come across messages stating “Due to system upgrade, your account is at risk of being closed and requires immediate action. Contact 08********** to begin the reactivation process”.
That’s basically what this method entails in a not shell. Sending mass emails to different numbers with the hope of getting at least one victim to reply with their BVN and card details to help them reactivate. Once the victim calls to get help for their account activation, the hacker acts professionally to give the victim a sense of authenticity and validation.
They proceed and promise to help the victim but to do so, they will need the BVN and card details of the person. Some actually send them the requested details. The attacker will now make use of the card details to make purchases in foreign countries or transfer funds to their PayPal account.
ALSO CHECK OUT:
- How to Spy On Your Boyfriend’s or Girlfriend’s Phone Without Their Noticing –Android Apps That Let You Do This
- Top 10 Richest Yahoo Boys in Nigeria
- How to Hack Bank account in Nigeria in 30 Minutes
Although this method is gradually becoming ineffective since most Banks are massively sensitizing their customers as to the invalidity of such messages. Some people still fall victim to such messages and hackers can use that to exploit and hack into people’s accounts. The tools needed to achieve this are listed below.
- Bulk SMS Website
- Laptop with an internet connection
- List of active Nigerian numbers (some hackers randomly generate numbers using a software)
SMS authentication codes is currently one of the major hindrance most hackers are facing everyday whenever they try to scam vulnerable victims. Sadly, they have a way to dodge these security checks, and they don’t even need your mobile phone to do it!
In order to perform a SIM swap, a hacker contacts your Internet service providers or network provider, claiming to be you. They state that they lost their phone, and that they’d like a transfer of their old number (which is your current number) to their SIM card.
Once they have your number on their SIM card, they can circumvent SMS codes easily. When they log into your bank account, the bank sends an SMS verification code to their phone rather than yours. They can then log in to your account unimpeded and drain your account.
There you have it, as mentioned above this post is meant to educate and protect you by showing you how attackers hack bank accounts in Nigeria, and not intended as a means for defrauding others. Use this post wisely and at your own risk.
** GET Ultimate Bet9ja Hacks and Secretes to Win #100K Daily (Grab your copy #2000 Only)- CLICK HERE
** NigeriaLoom.com is now on Telegram. Join our Telegram channel (@CCNWORLDTECH and stay updated with the latest headlines--CLICK HERE
Cccnworldtech works assiduously by integrating lots of effort and resources in our content delivery system, providing our readers with plagiarism-free articles, original and high-quality write-ups. We strongly advise that Contents on this website may not be copied, republished, reproduced, redistributed either in whole or in part without due permission or acknowledgement. Don't know the consequences of copyright infringement? Check Here. In an effort to protect our intellectual properties, we will instantly report your website to Google without prior notice and your website be removed from search engines and you may receive a strike. All contents are protected by the Digital Millennium Copyright Act 1996 (DMCA).