Cybercrooks Are Stealing Browser Cookies to Hack Your Email

FBI Atlanta is warning that hackers are stealing netizens’ browser cookies to bypass the multi-factor authentication (MFA) security step and log into people’s email accounts.

The FBI Atlanta Division says “cybercriminals are gaining access to email accounts by stealing cookies from a victim’s computer,” presumably as part of a campaign targeting citizens of Atlanta, the capital of the US state of Georgia.

The attackers are after session cookies, or “remember-me cookies,” as the agency calls them, which “remember information about your session, such as login details, preferences, or items in your shopping cart,” according to the notice.

Convenience at your peril

Such “remember-me cookies,” the bureau elaborates, “are tied specifically to a user’s login and often last for 30 days before expiring. This type of cookie helps a user login without having to keep putting in their username, password, or their multifactor authentication (MFA).”

This type of cookie eliminates the hassle of having to log into a service every time you use it. It’s generated when users tick the familiar “remember me” or “remember this device” option.

“If a cybercriminal obtains the Remember-Me cookie from a user’s recent login to their web email, they can use that cookie to sign-in as the user without needing their username, password, or multifactor authentication (MFA),” the notice says.

Once inside the person’s email account, an attacker can obtain a trove of information on the victim, including sensitive personal data, banking data, ways to access other online accounts, and more. The information can also be used to craft socially engineered attacks, like phishing, further targeting the unsuspecting victim with persuasive scams.

“For these reasons, cybercriminals are increasingly focused on stealing Remember-Me cookies and using them as their preferred way of accessing a victim’s email,” the notice continues.

The warning notes that hackers typically get the cookies when victims do something to infect themselves with data stealing malware – meaning your first line of defense against such an attack is to practice good cybersecurity hygiene when surfing the web, avoid shady websites, and ideally run antivirus software on your machine.

“Victims unknowingly provide their cookies to cybercriminals when they visit suspicious websites or click on phishing links that download malicious software onto their computer,” the warning says.

How to keep attackers at bay

Bitdefender last year published a comprehensive guide on browser cookies, outlining which cookie prompts can be safely dismissed to keep our digital footprint at a minimum.

According to our Consumer Cybersecurity Assessment Report for 2024, netizens’ biggest fear when it comes to cybercrime is having their money stolen. Yet many respondents in our survey were complacent in their online habits, failing to apply even the most basic cybersecurity best practices to keep hackers and fraudsters at bay.

Bitdefender always recommends avoiding shady websites, like torrent sites and warez platforms – essentially piracy platforms that sometimes harbor the very data-stealing malware mentioned in the FBI’s advisory.

Phishing emails also carry (or lead to) malware infections if the unsuspecting user interacts with the message, by downloading an attached file, or by accessing a link to a rigged website.

For peace of mind, consider deploying a dedicated security solution on all your personal devices.

Keep our trusty Scamio at arm’s length. When in doubt about a certain email, ad, or text, share it with Scamio and let our AI-powered chatbot guide you to safety. And remember to always keep your browser patched with the latest security updates.