FBI Warns: Hackers Gain Access to Gmail, Outlook, AOL, Yahoo Accounts
"Cybercriminals gain access to email accounts," warned the FBI last week. In this case, even multi-factor authentication (MFA) does not help. The attacks begin when users are lured “to visit suspicious websites or click on phishing links that download malware to their computer.”
Dangerous cookies
The email access itself is done through cookie theft. Not the evil tracking cookies we read so much about, which caused chaos when Google backed away from its promise to eradicate them from Chrome. These are session cookies, or security cookies, or “remember me” cookies. They store your credentials so you don’t have to sign in every time you visit a website or access one of your accounts.
The threat affects all email platforms that provide web logins, although Gmail, Outlook, Yahoo, and AOL are the biggest. The same threat clearly affects other accounts, including shopping sites and financial platforms, although these sites now often have additional security measures in place, especially for financial accounts. MFA is not typically stored in the same way, and criminals use other methods to steal codes in real time.
On the subject: We are being watched through phones: how to set up eavesdropping protection on Android and Apple
“Many users on the internet are falling victim to cookie-stealing malware,” Google warned. “This gives attackers access to their web accounts.” Google describes security cookies as “a lucrative target for attackers.”
"Typically, this type of cookie is generated when a user clicks the 'Remember this device' checkbox when logging into a website," the FBI said. "If a cybercriminal obtains a Remember-Me cookie from a user's recent webmail login, they can use that cookie to log in as the user without the need for a username, password, or multi-factor authentication (MFA)."
You may be interested in: top New York news, stories of our immigrants and helpful tips about life in the Big Apple - read it all on ForumDaily New York
4 steps to ensure safety
Cookie theft has been in the news a lot lately, and Google and other platforms are continuing to make efforts to prevent such thefts from Chrome and other browsers. These latest efforts aim to tie cookies to devices and apps, making the thefts useless. But for now, cookie theft remains a serious threat.
"Cybercriminals are increasingly focusing on stealing Remember-Me cookies and using them as a preferred method of accessing victims' email," the FBI warns, recommending four simple steps to minimize the risk:
- Clear cookies from your internet browser regularly.
- Be aware of the risks associated with checking the "Remember Me" box when logging into a website.
- Do not click on suspicious links or websites. Only visit sites with a secure connection (HTTPS) to protect your data from being intercepted during transmission.
- Please periodically check your device's recent login history in your account settings."
If you believe you have been a victim of this or any other cybercrime, you can report it to the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov.
Read also on ForumDaily:
How to enter the darknet and what you can find there
How to Easily Delete Old Emails in Gmail
Subscribe to ForumDaily on Google NewsDo you want more important and interesting news about life in the USA and immigration to America? — support us donate! Also subscribe to our page Facebook. Select the “Priority in display” option and read us first. Also, don't forget to subscribe to our РєР ° РЅР ° Р »РІ Telegram and Instagram- there is a lot of interesting things there. And join thousands of readers ForumDaily New York — there you will find a lot of interesting and positive information about life in the metropolis.