Cybercriminals steal cookies to get into your accounts: how to stay safe


Cybercriminals are stealing cookies, specifically Remember Me cookies, to bypass multi-factor authentication and access users’ emails, the FBI has warned.

The FBI Atlanta division is warning the public of a rising cookie-stealing issue affecting the area, in which cybercriminals use Remember Me cookies to log in to users’ accounts.

Cybercriminals are reportedly using various methods to access users' accounts through cookies. The crooks may use malware to infect victims’ devices, or victims may visit suspicious websites, click phishing links, or unknowingly download malware onto their devices.

Because stolen cookies let cybercriminals bypass multifactor authentication, a security method that acts as another layer of protection on top of your password, cookie theft is becoming a more coveted way of entry into a victim’s account.

A cookie is a little piece of data or a text file that websites use to remember information about you and track your online behavior.

These cookies may be stored in your browser or cached, waiting to be exploited by cybercriminals.

Cybercriminals most commonly harvest cookies through malware. Once the malware is on your computer, it hunts for databases where cookies are stored.

In a previous interview with Cybernews, Trevor Hilligoss, former FBI digital crime expert and current Vice President of SpyCloud Labs, said that most browsers store cookies in a database locally.

When you visit, say, your bank’s website, you enter your username and password and click "log in." The browser then saves a cookie into a database on your device so that you can access your account more easily when you next log in.

Hilligoss also explained that malware, like a browser, will access the same database to check for cookies for banks or other services. Then, those tokens will be exported to a file locally on the victim’s device, bundled up with other system and user information, such as the screen resolution, CPU model, RAM amount, operating system, etc.

“All kinds of device-based information is going to get bundled up and then sent off to the attacker. At that point, the attacker’s able to become you,” Hilligoss said.

For example, cookies, specifically Remember Me cookies, help people log in to their accounts faster. They are tied to users’ login details and last for around 30 days before expiring, the FBI said.

This cookie is served to users so they don’t have to keep putting their credentials into certain sites they frequent. What’s perhaps most attractive about Remember Me cookies is that users don’t have to verify their identity using multi-factor authentication.

This means that cybercriminals can use stolen cookies to bypass multifactor authentication methods and hijack victims' accounts.