Hackers are swiping cookies to bypass email security, FBI says

· UPI

Oct. 31 (UPI) -- Cyber criminals are stealing cookies from people's computers to access their email accounts, the FBI Atlanta Division warned on Thursday.

Cookies are small bits of data that websites send to computers to remember the login information and other data for individual online visitors.

Advertisement

A "remember-me" cookie specifically remembers a user's login information and usually lasts for about 30 days before it expires, the FBI Atlanta said Thursday in a news release.

That's the type of cookie the FBI says online hackers are targeting to enable them to bypass multi-factor authentication and gain access to people's email accounts.

Related

The cookie makes it easier for people to login without needing to keep track of their usernames, passwords or multi-factor authentication.

Visitors activate the remember-me cookie by clicking a "remember this device" checkbox after logging on to a website.

When a hacker obtains a remember-me cookie used by someone to access an email account, the FBI says a cybercriminal can use it to bypass the email service's multi-factor authentication that normally would require inputting a username and password.

Because remember-me cookies bypass security measures, cybercriminals have made them the preferred way to hack into people's email accounts.

Advertisement

Many victims unknowingly give their cookies to hackers while visiting shady websites or clicking on phishing links that load malicious software onto personal computers.

The FBI is advising people to regularly remove cookies from Internet browsers, avoiding suspicious links or websites and only visiting websites that use HTTPS secure connections.

People also should monitor their recent device login history by using their account histories to spot unusual activity.

Anyone who has had an account taken over by a hacker or has fallen prey to an online scam can report it to the FBI Internet Complaint Center at www.ic3.gov.