The FBI issues an alert: some hackers are now able to steal security cookies and “remember me” cookies. As a result, they successfully bypass multi-factor authentication. To protect yourself from this type of hacking, the FBI gives several tips.
FBI alert on a new type of hacking which is enough to despair the most cautious among us on the web. The reason? Some hackers are now able to hack online accounts thanks to… security cookies and “remember me” cookies. As a result, hackers are simply able to bypass multi-factor authentication (MFA). As a reminder, this is a security measure which consists of adding, for example, a telephone number or a second email address in order to strengthen the security of an online account.
But how is this possible? It all starts in a “traditional” way with a phishing attempt. The victim receives a message directing them to visit a fraudulent link, and once the victim clicks on the fraudulent link, malware is downloaded to their device.
This malware then attacks cookies. But this is not about cookies intended to track our online activity, this new type of hacking attacks security cookies and “remember me” cookies. These cookies are created to save our usernames and passwords so that we do not have to enter them each time we log in to a service on the web.
By stealing security cookies and “remember me” cookies, hackers get their hands on the victim’s connection authorizations and data which are pre-recorded.
The FBI explains: “ If a cybercriminal obtains the “remember me” cookie from a user’s recent login to their web email, they can use this cookie to log in as the user without needing their username. user, password or multi-factor authentication (MFA) ».
Currently, this type of hacking particularly concerns messaging services such as Gmail, Outlook and Yahoo. However, the FBI specifies that online sales sites and financial platforms have also been affected by this type of hacking.
But how can we protect ourselves from this particularly pernicious form of piracy? The FBI offers four tips. First, make sure to regularly clear cookies from your web browser. Second, we need to be more aware of the risks involved in “remember me” checkboxes. Although this feature is very convenient, it is not without risk. Third, never click on links that are not completely safe (phishing) and always favor sites with a secure connection (HTTPS). Finally, fourth, the FBI advises regularly monitoring the connection history on your device.
_
Follow Geeko on Facebook, Youtube and Instagram so you don’t miss any news, tests and good deals.
Receive our latest news directly on your WhatsApp by subscribing to our channel.
