Cybercriminals Are Stealing Cookies to Bypass Multifactor Authentication
The FBI Atlanta Division is warning the public that cybercriminals are gaining access to email accounts by stealing cookies from a victim’s computer. A “cookie” is a small piece of data that a website sends to your computer, allowing the website to remember information about your session, such as login details, preferences, or items in your shopping cart. “Remember-Me cookies” are tied specifically to a user’s login and often last for 30 days before expiring. This type of cookie helps a user login without having to keep putting in their username, password, or their multifactor authentication (MFA). Typically, this type of cookie is generated when a user clicks the “Remember this device” checkbox when logging in to a website:
If a cybercriminal obtains the Remember-Me cookie from a user’s recent login to their web email, they can use that cookie to sign-in as the user without needing their username, password, or multifactor authentication (MFA). For these reasons, cybercriminals are increasingly focused on stealing Remember-Me cookies and using them as their preferred way of accessing a victim’s email. Victims unknowingly provide their cookies to cybercriminals when they visit suspicious websites or click on phishing links that download malicious software onto their computer
Here are tips to protect yourself from putting yourself at risk:
- Regularly clear your cookies from your Internet browser.
- Recognize the risks of clicking the “Remember Me” checkbox when logging into a website.
- Do not click on suspicious links or websites. Only visit sites with a secure connection (HTTPS) to protect your data from being intercepted during transmission.
- Periodically monitor the recent device login history from your account settings.
Anyone who is a victim of an account takeover or Internet scam should report it to the FBI Internet Crime Complaint Center (IC3) at www.ic3.gov.