Skip to main content

Warning: Hackers could take over your email account by stealing cookies, even if you have multi-factor authentication (MFA)

 



Posted: November 5, 2024 by Pieter Arntz

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up.

Here’s how it works.

Most of us don’t think twice about checking the “Remember me” box when we log in. When you log in and the server has verified your authentication—straight away or after using MFA–the server creates a session and generates a unique session ID. This session ID is stored in a session cookie (or a “Remember-Me cookie” as the FBI calls it) on your browser, which is typically valid for 30 days.

Every time you return to that website within the time frame, you don’t need to log in. That’s really convenient… unless someone manages to steal that cookie from your system.

If someone steals the session cookie, they can log in as you—even if you have MFA enabled.

This is particularly relevant for email handlers that have an online—webmail—component. This includes major players like Gmail, Outlook, Yahoo, and AOL.

With access to your email account, a cybercriminal can find a lot of useful information about you, such as where you bank, your account numbers, your favorite shops, and more. This information could then be used for targeted cyberattacks that only mention information relevant to you, leaving you more likely to fall for them.

Cybercriminals could use your account to spread spam and phishing emails to your contacts. And perhaps most worrying of all, once an attacker is in your email account they can reset your passwords to your other accounts and login as you there too.

How do these criminals get their hands on your session cookies? There are several ways.

On very rare occasions, session cookies can be stolen by you visiting a malicious website, or via a Machine-in-the-Middle (MitM) attack where a cybercriminal can intercept traffic and steal cookies if they’re not protected by HTTPS on an unsecured network.

However, session cookies are usually stolen by malware on the your device. Modern information-stealing malware is capable of, and even focuses on, stealing session cookies as part of its activity.  

How to keep your email account safe

There are a few things you can do to stay safe from the cookie thieves:

  • Use security software on every device you use.
  • Keep your devices and the software on them up to date, so there aren’t any known vulnerabilities on them.
  • Decide whether you think it’s worth using the Remember me option. Is convenience worth the risk in this situation?
  • Delete cookies, or—even better—log out when you are done. That should also remove or invalidate the session ID from the server, so nobody can use it to log in, even if they have the session cookie.
  • Only visit sites with a secure connection (HTTPS) to protect your data from being intercepted during transmission.
  • For important accounts regularly check the log in history where you can see which devices logged in when and from where. You should be able to find this option in your account settings.

Comments

Post a Comment

Please no profanity or political comments.

Popular posts from this blog

Growing Your Credit Union Without Expanding Your FOM

For many firefighter and other credit union primarly serving first responders, growth often feels tied to one big decision: expanding the Field of Membership (FOM). But what if you didn’t have to? What if growth could come from within —by deepening relationships, increasing engagement, and capturing more of the financial lives of the members you already serve? The truth is: it can. But it requires a shift in strategy. Rethinking What “Growth” Really Means Most institutions define growth as adding more members. But for single-sponsor credit unions, especially those serving first responders, a more powerful definition is: Growth = more value per member Many members only use one or two products—often a checking account and maybe an auto loan. Meanwhile, larger banks capture mortgages, credit cards, and investments. The opportunity isn’t just new members. It’s: More products per member Higher balances per relationship Greater share of wallet Your Biggest Advantage: The First Responder Life...
Post a Comment
Read Complete Article HERE>»

When Vendors Price for Giants

 Grant Sheehan CCUE | CEO Opinion: When Vendors Price for Giants, They Shrink the Future of Small Credit Unions ! There’s a quiet squeeze happening in the credit union industry, and it’s not coming from regulators or competition from big banks. It’s coming from the very vendors that claim to support the ecosystem. For small credit unions, the problem is increasingly simple and factual: the tools required to compete with digital banking platforms, fraud systems, compliance software, analytics, and payments infrastructure are priced for institutions ten or even 100 times their size. The result is a market where access to essential services is determined not by mission or member need, but by asset size. This isn’t just inconvenient. It’s structurally threatening. Vendors often defend their pricing models as a reflection of complexity or scale. Larger credit unions have more users, more transactions, more integrations, so they pay more, and that seems fair on the surface. But t...
Post a Comment
Read Complete Article HERE>»

Credit Union Lending Picks Up in Most Areas

Credit unions were increasing their portfolios in most areas in June, except business lending and new car loans, where portfolios fell for the 24th month in a row after seasonal adjustments, according to a CUNA Mutual Group report released Tuesday. The Madison, Wis., trade group’s Credit Union Trends Report showed new auto loan balances were $141 billion on June 30, falling at a 3.3% seasonally adjusted, annualized rate from May to June, part of the May-through-October peak car-buying season. Credit unions held $252.4 billion in used car loans on June 30, up 1.2% from May without seasonal adjustments. The Trends Report made slight adjustments to CUNA’s Monthly Credit Union Estimates released earlier in the month. In this case, its changes allowed total auto loan balances to show a slight 0.3% un-adjusted May-to-June gain, compared to being flat in the CUNA report. Steve Rick, chief economist for CUNA Mutual Group and the report’s author, said gains were stronger in other areas, includ...
Post a Comment
Read Complete Article HERE>»

The FedNow Service will launch in 2023 "Are you ready?"

The FedNow Service is a new instant payment service that the Federal Reserve Banks are developing to enable financial institutions of every size, and in every community across the U.S., to provide safe and efficient instant payment services in real-time, around the clock, every day of the year. Through financial institutions participating in the FedNow Service, businesses and individuals will be able to send and receive instant payments conveniently, and recipients will have full access to funds immediately, giving them greater flexibility to manage their money and make time-sensitive payments. Consistent with the Federal Reserve’s historical role of providing payment services alongside private-sector providers, the FedNow Service will provide choice in the market for clearing and settling instant payments as well as promote resiliency through redundancy. Financial institutions and their service providers will be able to use the service as a springboard to provide innovative instant p...
Post a Comment
Read Complete Article HERE>»

Facial recognition to secure payments will exceed 1.4 billion globally by 2025

BASINGSTOKE, U.K.– The number of users of software-based facial recognition to secure payments will exceed 1.4 billion globally by 2025, from just 671 million in 2020, according to a new study from Juniper Research. “This rapid growth of 120% demonstrates how widespread facial recognition has become; fueled by its low barriers to entry, a front-facing camera and appropriate software,” Juniper said, noting the research identified the implementation of FaceID by Apple as accelerating the growth of the wider facial recognition market, despite the challenges to facial recognition during the pandemic with face mask use. The research recommends that facial recognition vendors implement robust and rapidly evolving AI based verification checks to ensure the validity of user identity, or risk losing user trust in the authentication method as spoofing attempts increase, Juniper reported. Fingerprint Sensors The new research, Mobile Payment Authentication: Biometrics, Regulation & Market Fore...
Post a Comment
Read Complete Article HERE>»

Credit unions lending rose at a faster pace in most sectors than the small banks last year, according to data released this week by the FDIC and CUNA Mutual Group.

What credit unions lacked in size they made up for in speed compared with community banks and savings institutions in 2017. Credit unions lending rose at a faster pace in most sectors than the small banks last year, according to data released this week by the FDIC and CUNA Mutual Group. CUNA Mutual’s monthly  trends report  showed credit unions held $984.8 billion in total loans at Dec. 31, up 10.7% from a year earlier and a growth rate more than twice as fast as community banks. Credit union assets rose 6.3% to $1.4 trillion due to a 6.3% increase in deposits, a 3% drop in borrowings and a 7.7% increase in capital. With loan balances growing faster than assets, the loan-to-asset ratio ended 2017 at 70.4%, up from 67.5% a year earlier. The fast loan growth also helped loan delinquency rates fall to 0.79% in December, down from 0.83% a year earlier, according to CUNA Mutual. The FDIC’s Quarterly Banking Profile showed loans at the nation’s 5,670 community banks ...
Post a Comment
Read Complete Article HERE>»

Don't say NO to your members anymore!

Does the following scenario occur at your credit union? If it does, we have a solution for you! A member comes in into your credit union and wants to know if you will loan them a couple of hundred thousand $$$ to buy a building, or can you loan him some seed money to start a new business or purchase equipment for the company they currently own, and you say,  “the credit union doesn't do those kinds of loans”.  Does this sound familiar? How many times do you and your staff say NO and literally tell a member to  “go down the street or go somewhere else” ?  Well, now, you have another option.   CU First Responders Finance (CUFR) CU First Responders Finance, LLC (CUFR)  is a partnership between the National Council of Firefighter Credit Unions, Inc.   (NCOFCU) , and Biz Lending & Insurance Center, Inc. to provide business lending origination programs to NCOFCU member credit unions. CUFR  will provide you with a turnkey operati...
Post a Comment
Read Complete Article HERE>»

Americans are using alternative financing arrangements, such as rent-to-own

CUToday PHILADELPHIA–Many Americans are using alternative financing arrangements, such as rent-to-own, that a new report from Pew Charitable Trusts indicates are generally riskier, more costly, and subject to far weaker consumer protections and regulatory oversight than traditional mortgages. Pew Trusts sad the “evidence suggests that a shortage of small mortgages, those for less than $150,000, may be driving some home borrowers (i.e., people who purchase a home with financing) who could qualify for a mortgage into these alternative arrangements. And other factors related to a home’s habitability and the ownership of the land beneath a manufactured home—the modern version of a mobile home—can make certain homes ineligible for mortgage financing altogether.” According to Pew, the evidence of potential consumer harm, little is known about the prevalence of alternative financing in the U.S., primarily because no systematic national data collection exists. Pew said approximate...
Post a Comment
Read Complete Article HERE>»

What should your credit union budget for in 2025?

As we enter the fourth quarter, many credit union leaders are starting to turn their attention toward planning for 2025. With a myriad of options and new technology, it’s crucial to prioritize services that set credit unions apart while encouraging growth. In this article, we explore several key areas credit unions should consider when preparing their budgets for the coming year. Expanding membership One significant trend shaping the financial landscape is the exodus of big banks from rural communities . This presents a golden opportunity to expand membership to new communities. However, this expansion doesn’t necessarily require traditional brick-and-mortar branches. Credit unions can leverage technology to provide services efficiently and cost-effectively. Some alternative service delivery methods include: Interactive Teller Machines (ITMs) : These advanced ATMs allow members to interact with a live teller via video, providing a personal touc...
Post a Comment
Read Complete Article HERE>»

Mike Richards CPA Industry Trends

Weekly News Summary Here are some things that were in the news last week. Please share these articles with your Supervisory Committee and Board of Directors. If you missed previous editions of the weekly news, summaries of those can be viewed at our archive.    Happy Holidays! Mike Richards, CPA      Economic and Industry Issues Knowledge is the key to effective corporate governance. Staying abreast of economic and industry issues affecting your credit union will prepare you for those responsibilities. Facing year-end cut off, U.S. banks scramble to extend COVID accounting relief Read More  NCUA Quarterly U.S. Map Review – Third Quarter 2020 Read More  Payments Trends In The Age of Coronavirus Read More  The lasting impact of COVID-era audits Read More   Regulatory and Accounting Issues ...
Post a Comment
Read Complete Article HERE>»