The FBI has recently issued a warning about a rising cyber threat where hackers manage to bypass multifactor authentication (MFA) to gain access to email accounts. Even with MFA in place, cybercriminals find ways to breach accounts by luring users into clicking on phishing links or visiting suspicious sites, allowing malicious software to infiltrate their devices.
These attacks capitalize on “cookie theft.” Unlike the well-known tracking cookies often seen in privacy debates, these are “session cookies” or “Remember-Me cookies” designed to store user credentials. Their primary function is to save login information, ensuring users do not need to repeatedly log in each time they access a website or account. This specific type of cookie has become a significant target for hackers, as it provides access without needing a username, password, or MFA.
The primary focus of these attacks is on widely-used email platforms, including Gmail, Outlook, Yahoo, and AOL. However, the threat is not limited to email alone. Cookie theft has also impacted shopping sites and financial platforms, although financial accounts typically have more extensive protection mechanisms in place to prevent unauthorized access. While financial sites often keep MFA out of session cookies, hackers frequently turn to other methods to obtain live codes necessary for access.
“Many users across the web are victimized by cookie theft malware,” Google stated, highlighting the scope of the problem. The company describes these security cookies as “fundamental to the modern web… due to their powerful utility,” which unfortunately also makes them a valuable target for cybercriminals. According to Google, this problem is “getting worse,” as criminals refine their methods for stealing these valuable cookies.
The FBI’s explanation underscores how cybercriminals exploit these cookies. “Typically, this type of cookie is generated when a user clicks the ‘Remember this device’ checkbox when logging in to a website,” they explain. When a hacker obtains the Remember-Me cookie from a recent login, they can impersonate the user and access their account without requiring the user’s credentials or multifactor authentication.
Concerns about cookie theft have been amplified in recent news, with tech companies like Google developing countermeasures to prevent these attacks. The latest initiatives focus on linking cookies specifically to individual devices and applications, making stolen cookies ineffective if used on other devices. Despite these advancements, the prevention methods are still in their early stages, and cookie theft remains a major vulnerability for internet users.
In their warning, the FBI cautions that cybercriminals are increasingly “focused on stealing Remember-Me cookies and using them as their preferred way of accessing a victim’s email.” To mitigate risks, the FBI recommends several protective measures:
- Clear Cookies Regularly: Remove cookies from your internet browser to minimize the risk of stolen credentials.
- Be Cautious with “Remember Me” Options: Weigh the convenience of using the “Remember Me” feature against the risk it could pose if the session cookie is compromised.
- Avoid Suspicious Links and Websites: Steer clear of questionable sites and links, as they often serve as entry points for malicious software. Ensuring a secure (HTTPS) connection can also help safeguard your data during internet sessions.
- Monitor Recent Device Logins: Regularly check the device login history in account settings to spot any unauthorized activity and address potential breaches immediately.
In the event users suspect they have been targeted by this or any other form of cybercrime, the FBI advises reporting incidents to the Internet Crime Complaint Center (IC3) via www.ic3.gov.