Wednesday, 24 August 2016

How do I hack into someone's bank account?

I am assuming that you are asking this question just to secure yourself. ;)
Knowing the offensive techniques is also a good way to plan for defenses. If you have read all the other answers, then you have been warned about what can happen if you get caught, even for a failed attempt. Always remember that doing such activities is illegal and you will face serious punishment for it. Still, I will describe, at a very high level, some ways that can be used to hack a person's bank account.
Disclaimer: This post is just for knowledge sharing. Don't ever try this at home. Even I haven't tried these. If you try any of this, you will be the only one responsible for your action.
1. Phishing (Email)
Search what phishing is. If your target is not that good with computers, he won't look for an HTTPS lock before entering his details.
2. Phishing (Phone)
Call the person, pose as a bank employee and ask for details.
These attacks seem very easy and you may argue that they won't work, but stats will prove you wrong. All you need is good social engineering skills (and a careless user).
You can even bypass two-factor auth using these separately or combined. I won't write details.
Let's talk about targeting a careful, phishing aware person.
3. RAT/Malware/Keylogger:
Infect your victim's computer with one of these and steal the information. This is easy to say but difficult to do. But still doable.

How to infect his computer?
  • Pavement hacking (
  • Hide your malware in a PDF or game and send that by mail or on a CD by post from some reputed company
  • Make him download it from the internet and execute it.

4. Hack the target device:
Target his system with attack tools and look for a known or zero-day vulnerability.
5. Man in the Middle:
If the victim is using an open, unsecured WiFi network, or the attacker has lured the target into connecting to the attacker's WiFi network, then the attacker can launch various MiTM attacks on the victim's machine. The simplest example is an SSL MiTM attack, which renders end-to-end SSL/TLS security useless. Once that is done, the attacker can see the victim's bank details.
For methods 3, 4 and 5, you need to circumvent the two-factor auth (assuming the target is using OTP). You can intercept GSM traffic with some effort. I won't go into that.
Let's think big for a moment. Right now you are thinking of breaking into one person's account. What if you could break into multiple people's accounts? Yes, it is possible (if you somehow evade the FBI, CIA, NTRO and what not). You can always rent a bank-credential-stealing botnet from a darknet black market. Rent it for one day and all the credentials it steals in that day will be at your disposal. But remember, all this is illegal and big brother is always watching. ;)
