Cybercriminals are hacking Gmail, Outlook and Yahoo email accounts. Even accounts that have multi-factor authentication (MFA) enabled are not secure. At the beginning of this week, the Federal Bureau of Investigation (FBI) warned about the matter.
Malicious software is downloaded to users' computers when they 'visit suspicious websites or click on phishing links'. This is how the cybercriminals begin the attack.
Hackers gain access to email by stealing 'cookies'. When you visit different websites, they store 'session cookies', 'security cookies' or 'remember me' cookies. As a result, users do not have to log in every time they enter the website. That is, cookies retain login information, allowing you to access your account quickly and easily. But cybercriminals can steal these cookies and gain access to user accounts.
This type of threat affects all email platforms that require a website login. However, Gmail, Outlook, Yahoo and AOL are the most vulnerable to this threat. The same threat applies to other accounts as well, such as shopping sites and financial platforms.
According to the FBI, this type of cookie is stored by the website only when the user ticks the 'Remember this device' checkbox when logging in to the website. If a cybercriminal obtains the 'remember me' cookie from a user's recent webmail login, they can sign in as that user using the cookie. That's why hackers don't need usernames, passwords or multi-factor authentication (MFA).
Cookie theft has been in the news a lot lately. Google, with Chrome, and other browser makers continue working to prevent such theft. These new initiatives will link cookies to devices and apps, which makes the cookies ineffective if they are stolen. However, this process is still in its early stages and cookie theft is still a major problem.
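The difference between a plain 'remember me' cookie and a device-linked one can be shown with a small server-side model. This is an added example, not code from the FBI, Forbes or any email provider; `SessionStore` and `device_proof` are hypothetical names, and an HMAC secret stands in for the device-held key that real device-binding schemes would keep in protected hardware.

```python
import hashlib
import hmac
import secrets


def device_proof(device_key, cookie, nonce):
    """Proof that the caller holds the device key (HMAC used as a stand-in)."""
    return hmac.new(device_key, cookie.encode() + nonce, hashlib.sha256).digest()


class SessionStore:
    """Toy session table, constructed for illustration."""

    def __init__(self):
        self._sessions = {}  # cookie value -> (user, device_key or None)

    def login(self, user, mfa_ok, device_key=None):
        # MFA is checked once, here. Afterwards the cookie stands in for it.
        if not mfa_ok:
            raise PermissionError("MFA failed")
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = (user, device_key)
        return cookie

    def authenticate(self, cookie, nonce=None, proof=None):
        entry = self._sessions.get(cookie)
        if entry is None:
            return None
        user, device_key = entry
        if device_key is None:
            return user  # plain cookie: possession alone is enough
        if nonce is None or proof is None:
            return None  # bound cookie presented without a device proof
        expected = device_proof(device_key, cookie, nonce)
        return user if hmac.compare_digest(expected, proof) else None


def demo():
    store = SessionStore()
    plain = store.login("alice", mfa_ok=True)
    key = secrets.token_bytes(32)            # never leaves the real device
    bound = store.login("alice", mfa_ok=True, device_key=key)
    nonce = secrets.token_bytes(16)          # server challenge (freshness tracking omitted)
    wrong_key = secrets.token_bytes(32)      # another machine has no access to `key`
    return {
        "plain_copied": store.authenticate(plain),
        "bound_copied": store.authenticate(bound, nonce, device_proof(wrong_key, bound, nonce)),
        "bound_no_proof": store.authenticate(bound),
        "bound_original_device": store.authenticate(bound, nonce, device_proof(key, bound, nonce)),
    }
```

The plain cookie is accepted from anywhere with no further MFA check, while the bound cookie is only accepted together with a proof made with the original device's key.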
The following steps can help prevent this type of hacking:
- Delete cookies from your internet browser regularly.
- Be careful about clicking the 'Remember Me' checkbox when logging in. Understand the risks.
- Avoid clicking on suspicious links or visiting suspicious websites. Use only sites with secure connections (HTTPS) to prevent theft of your data.
- Review the list of recently logged-in devices and login times in your account settings.
The FBI did not issue the warning to discourage use of the MFA feature. This feature helps keep your account safe. While using this feature, be aware of what is being downloaded and installed on your device. It is also better to use this feature on platforms where passkeys are available.
References: Forbes