Skip to main content

Warning: Hackers could take over your email account by stealing cookies, even if you have multi-factor authentication (MFA)

 



Posted: November 5, 2024 by Pieter Arntz

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up.

Here’s how it works.

Most of us don’t think twice about checking the “Remember me” box when we log in. When you log in and the server has verified your authentication—straight away or after using MFA–the server creates a session and generates a unique session ID. This session ID is stored in a session cookie (or a “Remember-Me cookie” as the FBI calls it) on your browser, which is typically valid for 30 days.

Every time you return to that website within the time frame, you don’t need to log in. That’s really convenient… unless someone manages to steal that cookie from your system.

If someone steals the session cookie, they can log in as you—even if you have MFA enabled.

This is particularly relevant for email handlers that have an online—webmail—component. This includes major players like Gmail, Outlook, Yahoo, and AOL.

With access to your email account, a cybercriminal can find a lot of useful information about you, such as where you bank, your account numbers, your favorite shops, and more. This information could then be used for targeted cyberattacks that only mention information relevant to you, leaving you more likely to fall for them.

Cybercriminals could use your account to spread spam and phishing emails to your contacts. And perhaps most worrying of all, once an attacker is in your email account they can reset your passwords to your other accounts and login as you there too.

How do these criminals get their hands on your session cookies? There are several ways.

On very rare occasions, session cookies can be stolen by you visiting a malicious website, or via a Machine-in-the-Middle (MitM) attack where a cybercriminal can intercept traffic and steal cookies if they’re not protected by HTTPS on an unsecured network.

However, session cookies are usually stolen by malware on the your device. Modern information-stealing malware is capable of, and even focuses on, stealing session cookies as part of its activity.  

How to keep your email account safe

There are a few things you can do to stay safe from the cookie thieves:

  • Use security software on every device you use.
  • Keep your devices and the software on them up to date, so there aren’t any known vulnerabilities on them.
  • Decide whether you think it’s worth using the Remember me option. Is convenience worth the risk in this situation?
  • Delete cookies, or—even better—log out when you are done. That should also remove or invalidate the session ID from the server, so nobody can use it to log in, even if they have the session cookie.
  • Only visit sites with a secure connection (HTTPS) to protect your data from being intercepted during transmission.
  • For important accounts regularly check the log in history where you can see which devices logged in when and from where. You should be able to find this option in your account settings.

Comments

Post a Comment

Please no profanity or political comments.

Popular posts from this blog

Let the Truth be Told - Why a New NCUA Rule Could Jolt Credit Union Innovation

The National Credit Union Administration has finalized a rule to improve board and executive succession planning within the credit union industry. This strategic move aims to curb the trend of mergers driven by technological stagnation and poor succession strategies, ensuring more credit unions maintain their independence and enhance their technological capabilities. By Ken McCarthy, Manager of marketing communications at Tyfone Credit unions are merging out of existence because of an inability to invest in technology, the National Credit Union Administration Board wrote when introducing its now finalized rule on board succession planning. The regulator now requires credit unions to establish succession planning for critical positions in their organizations. But it’s likely to have even wider effects, such as preserving more independent charters and shaking up the perspectives of those on credit union boards. “Voluntary mergers can be used to create economies of scale to offer more or ...
Post a Comment
Read Complete Article HERE>»

Speakers & Sessions For NCOFCU 24 San Antonio TX.

National Council of Firefighter Credit Unions Inc (NCOFCU)  Speakers and Schedule! It is the National Council of Firefighter Credit Unions (NCOFCU) "GO TO Conference" for credit unions serving first responders! Who should attend? CEO's, VP's Directors and Staff See What's Planned Register Here! Bring your spouse, bring a guest to enjoy San Antonio, TX River Walk 4 Days Golf 16 + Sessions Alamo Reception Closing Dinner Right on the San Antonio River Walk Several Networking events Open Forums Idea Exchange Events Panel Discussions of CU Leaders National & Industry Speakers Trends in First-Responder Credit Unions Director & Volunteer Sessions Exhibitors ShowcaseAnd  So Much More! HOTEL REGISTER HERE
Post a Comment
Read Complete Article HERE>»

Armand Parvazi MBA CUDE - Last Friday marked his last day with New Orleans Firemen’s Federal Credit Union.

It’s been an incredible journey, but it’s bittersweet to announce that Friday marked my last day with New Orleans Firemen’s Federal Credit Union. We've accomplished so much together in my six years as Chief Administrative and Development Officer. Some of the highlights: Implemented a data-driven marketing strategy that delivers over 1,800% annual ROI. Developed automated triggers to ensure members receive the right offers at the right time. Grew assets by 61% and increased products per new member from 1.88 to 2.62. Converted online banking to enhance the member experience. Introduced a loan origination system for faster and more efficient loan processing. Transitioned to a mobile-first financial institution to meet members where they are. Pioneered the first Cancer Care loan pause program in the nation (in collaboration with Andy Janning ) Secured nearly $17 million in grants for our impactful work. Expanded our field of membership to 35 parishes and counties and added numerous fi...
Post a Comment
Read Complete Article HERE>»