The FBI has issued a warning about a new cybersecurity threat: cybercriminals are stealing session cookies from email accounts, allowing them to bypass multi-factor authentication (MFA) and gain unauthorized access.
This tactic is a growing concern, especially for users who rely on consumer email services like Gmail, Outlook, Yahoo and AOL that have a webmail component.
Session cookies are small pieces of data stored in your browser after you log into a website. When you check the "remember me" box during login, your browser saves a session cookie that contains a unique session identity. This identity confirms to the server that you are the same user who logged in earlier. Typically, the session identity is valid for about 30 days, allowing you to stay logged in without needing to re-enter your credentials. Because the server already verified your password and MFA code when it issued the cookie, it does not ask for them again while the cookie is valid. If a cybercriminal gains access to your session cookie, they can log into your account as if they were you, even if you have MFA enabled: an attacker who already possesses the session cookie bypasses MFA entirely.
The most common method for stealing session cookies is through malware. Modern malware, especially information-stealing types, is specifically designed to target and collect session cookies from infected devices. Once cybercriminals have the session cookie, they can hijack your account. A Man-in-the-Middle attack, where a hacker intercepts communication between your device and the website, can occur if the connection is not secured by Hypertext Transfer Protocol Secure (HTTPS), especially on unsecured public Wi-Fi networks.
Email accounts are the window into a user’s life because they contain information about banking activities, shopping habits and other sensitive details. With this knowledge, the attacker can send targeted phishing attacks, increasing the likelihood you will be duped. Attackers can also use your email account to send spam or phishing emails to your contacts, spreading the attack further. Perhaps the most alarming risk is that attackers can reset your passwords on other accounts linked to your email address, potentially gaining access to your social media, online banking and other important accounts.
To protect yourself from cookie attacks, follow these best practices:
- Use modern up-to-date security software on all your devices to block malware before it steals session cookies or performs other malicious activities.
- Update devices and software regularly to patch vulnerabilities that cybercriminals exploit.
- Discontinue the use of the "remember me" option. Its convenience is most likely not worth the security risk, and you should never use it on a shared or public computer.
- Log out after use to invalidate the session identity stored in the cookie, preventing attackers from using it to log in after you’ve finished your session.
- Clear your browser’s cookies regularly, particularly after you finish using important accounts like email or online banking.
- Only use secure HTTPS connections by checking the padlock icon in the browser’s address bar to confirm the site is secure.
- Regularly check the login history for critical accounts like email and online banking for any unauthorized devices or locations accessing your account. Many services provide a way to view recent logins, which can help to quickly identify suspicious activity.
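The mechanics described above (a "remember me" cookie that stands in for password and MFA for about 30 days, logging out to invalidate it, and reviewing login history for unfamiliar devices) are easiest to see in a minimal server-side session store. This is an added illustration written for this article, not code from the FBI, any webmail provider or OMNIPOTECH; the `client` field is a placeholder for whatever a real service records per login (device, IP range, user agent).

```python
import secrets
import time

SESSION_TTL = 24 * 3600            # plain login: one day (assumed value)
REMEMBER_ME_TTL = 30 * 24 * 3600   # "remember me": about 30 days, as the article states


class SessionStore:
    """Server-side session table. The cookie carries only an opaque ID; the
    record the server trusts lives here, so removing it invalidates the cookie."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, client, remember_me=False, now=None):
        # Called only after password + MFA succeed; from then on the cookie
        # stands in for both until it expires or is revoked.
        now = time.time() if now is None else now
        ttl = REMEMBER_ME_TTL if remember_me else SESSION_TTL
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "client": client, "expires": now + ttl}
        return sid  # this value is what the browser stores in the session cookie

    def resolve(self, sid, client, now=None):
        """Return (user, alert). No password or MFA is requested here, which is
        exactly why a stolen cookie bypasses MFA. 'client' is a hypothetical
        per-login fingerprint (device, IP range, user agent) kept for auditing."""
        now = time.time() if now is None else now
        s = self._sessions.get(sid)
        if s is None or now >= s["expires"]:
            self._sessions.pop(sid, None)
            return None, None
        alert = None
        if client != s["client"]:
            # Same cookie, different client: the entry a user would spot in
            # their login history as an unfamiliar device or location.
            alert = f"session of {s['user']} reused from {client!r}, issued to {s['client']!r}"
        return s["user"], alert

    def logout(self, sid):
        """Logging out deletes the server record, so every copy of the cookie,
        including a stolen one, stops working immediately."""
        self._sessions.pop(sid, None)
```

The point to take away is the contrast: a cookie copied on day 1 still authenticates on day 20 without any MFA prompt, but it is useless the moment the account is logged out, and its use from a different client is visible to whoever reviews the login history.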
While MFA remains a strong line of defense against unauthorized logins, it is not foolproof, and tactics used by cybercriminals are continuously evolving. By following these best practices, you can reduce the risk of becoming a victim of this growing threat. Stay vigilant, keep your devices secure and consider the security implications of convenience features like the "remember me" option.
If you would like to discuss your cybersecurity readiness or have a no-cost cybersecurity overview completed, please reach out to OMNIPOTECH.
For more information, visit omnipotech.com or call Robert Kyslinger at (281) 768-4308.