Gmail Security Alert Launched by the FBI. Here’s What You Need to Do Right Now

Money.it

9 November 2024 - 15:11


The FBI has issued a warning to Gmail users: a new attack uses session cookies to steal logins, bypassing two-factor authentication. Here’s how to protect yourself.

Gmail users are at risk of being the next target of an online threat, according to the FBI.

Google’s email service is an everyday tool for millions of people. With over 1.8 billion users expected by 2024, Gmail has become a favorite target for cybercriminals and has drawn the attention of the FBI, which recently issued an urgent alert.

This alert highlights a new type of cyberattack that exploits a vulnerability in session cookies, a system that stores user login data to make browsing and access to online services easier. By stealing these cookies, hackers can access all the accounts associated with the user, even bypassing two-factor authentication, one of the most widespread security measures and one considered reliable until now.

These attacks, as explained by the FBI, almost always start with a user error, often due to clicking on dangerous links or downloading malicious software, which allows attackers to steal login cookies.

As a result, criminals are able to replicate the victim’s device, accessing all the data and applications associated with their Gmail account. Here’s how to recognize the threat and how to protect yourself.

Gmail, how the new attack works and why it is so dangerous

Attacks based on cookie theft exploit the tendency of users to select the option "Remember on this device" when accessing their accounts. Session cookies are files saved on users’ devices that spare them from entering credentials every time they sign in, keeping the session open on the websites they use.

While this method makes the browsing experience easier, it also presents an opportunity for cybercriminals, who can steal cookies to gain full access without having to know your username, password, or authentication codes. This attack is particularly insidious because it bypasses two-factor authentication (2FA), which is considered one of the most effective security measures against phishing and other types of online attacks.

These attacks often start with “phishing”, a technique that tricks victims into clicking on malicious links or downloading software containing malware. Once the device is infected, the malware steals session cookies and allows hackers to access protected accounts.

This type of intrusion can have serious consequences: in addition to accessing Gmail, hackers can gain access to social networks, bank accounts, and other sensitive platforms linked to your Google account. Affected users may not realize they have been hacked until their accounts undergo abnormal activity, putting not only their personal data, but also their money and sensitive financial information at risk.

Gmail, here’s how to protect yourself from the new cyber attack according to the FBI

To counter this type of attack, the FBI has suggested a series of preventive actions that can reduce the risk of intrusion. First, it is advisable to regularly delete cookies from your browser to prevent sensitive information from being stored for too long.

In addition, you should avoid using the "Remember on this device" option, especially on shared or unsecured devices. Connecting exclusively to HTTPS sites (which guarantee an encrypted and more secure connection) is another essential measure, as HTTP sites are more vulnerable to attacks. Finally, the FBI recommends periodically checking the access history in your Gmail account settings to identify any suspicious activity.
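
The access-history check recommended above can be automated. The following is an added example, not code from the FBI, Google or Money.it: it flags a session cookie that shows up on a device which never completed a login. The log format, session IDs, addresses and function names are assumptions made for illustration and are not Gmail's actual format.

```python
from dataclasses import dataclass

# Constructed sample: timestamp, session id, event, IP, browser (documentation-range IPs).
SAMPLE_LOG = """\
2024-11-07T08:00:01Z sess-A login 203.0.113.10 Firefox/132-Windows
2024-11-07T08:05:12Z sess-A request 203.0.113.10 Firefox/132-Windows
2024-11-07T09:30:44Z sess-A request 198.51.100.77 Chrome/130-Linux
2024-11-07T10:00:00Z sess-B login 192.0.2.5 Safari/18-macOS
2024-11-07T10:05:00Z sess-B request 192.0.2.44 Safari/18-macOS
"""

@dataclass
class Event:
    ts: str
    session: str
    kind: str   # "login" = password and 2FA completed; "request" = cookie reused
    ip: str
    agent: str

def parse_log(text):
    """Turn whitespace-separated log lines into Event records, skipping malformed lines."""
    return [Event(*p) for p in (line.split() for line in text.splitlines()) if len(p) == 5]

def find_session_reuse(events):
    """Flag requests where a session cookie appears on a device that never logged in."""
    trusted = {}    # session id -> set of (ip, agent) pairs that completed a login
    findings = []
    for ev in events:
        seen = trusted.setdefault(ev.session, set())
        here = (ev.ip, ev.agent)
        if ev.kind == "login" or not seen:
            seen.add(here)   # baseline: a real login, or first sighting if the log starts mid-session
            continue
        if here in seen:
            continue
        changed = []
        if ev.ip not in {ip for ip, _ in seen}:
            changed.append("ip")            # weak signal alone: mobile networks change IPs
        if ev.agent not in {agent for _, agent in seen}:
            changed.append("user-agent")    # stronger signal: a different browser holds the cookie
        findings.append((ev.ts, ev.session, ev.ip, "+".join(changed) or "combination"))
    return findings

if __name__ == "__main__":
    for finding in find_session_reuse(parse_log(SAMPLE_LOG)):
        print("suspicious session use:", finding)
```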

Google, meanwhile, said it is working on new solutions to improve user protection. The company acknowledged that cookie theft is a growing problem, and one that could intensify in the coming years as cybercriminals develop more sophisticated techniques.

Google’s enhanced measures could include better encryption of cookies or the creation of even more secure authentication systems. However, the first line of defense remains in the hands of users, who must be especially careful about their online security.

Original article published on Money.it Italy 2024-11-07 22:00:00. Original title: Allarme Gmail lanciato direttamente dall’Fbi, ecco cosa bisogna fare subito
