The FBI has issued a warning to users of popular email services, including Gmail, Outlook, Yahoo, and AOL, about a rise in cybercriminal activities that compromise email accounts, even those protected by multifactor authentication (MFA). Cybercriminals are tricking users into visiting suspicious websites or clicking on phishing links that download malicious software onto their computers. One of the main methods they use to gain access to email accounts is cookie theft.
These session or security cookies, often called “remember me” cookies, store login credentials to make it easier to access frequently used websites and accounts. Cookie theft can allow criminals to sign into users’ accounts without needing their username, password, or MFA. The FBI says this method works especially well when a user clicks the “Remember this device” checkbox during login.
“This problem affects all email platforms with web logins, although Gmail, Outlook, Yahoo, and AOL are the largest targets,” says cybersecurity expert Zak Doffman. “It also impacts other types of accounts such as shopping sites and financial platforms.”
Google has been warning users about cookie theft and working on new ways to prevent it. However, the threat remains significant as cybercriminals keep coming up with new strategies.
The FBI urges users to take these steps to protect their accounts:
1. Regularly clear cookies from your Internet browser.
2. Be careful about clicking the “Remember Me” checkbox when logging into websites.
3. Avoid clicking on suspicious links or visiting unsecured websites.
4. Regularly check recent device login history in account settings.
The FBI also stresses that MFA is still one of the best steps users can take to secure their accounts, despite the vulnerabilities highlighted in its warning. Google agrees, calling security cookies “fundamental to the modern web” because of how useful they are, but admitting they are a tempting target for attackers. Organizations should also use MFA across all platforms.
Recently, Amazon added MFA to its enterprise email service, WorkMail. Though it took a long time to implement, it’s a good step toward better security. In the end, any form of MFA is better than just using a password.
Users should take all necessary steps to protect their accounts by combining good security habits with the latest protective tools available. If you think you have been a victim of cybercrime, report it to the FBI’s Internet Crime Complaint Center (IC3). For more detailed information on how to protect your online security, visit the official FBI website.