FBI Warning: “Remember Me” Cookies Put Your Email at Risk

state-sponsored threat actor

The Federal Bureau of Investigation (FBI) Atlanta Division has issued an urgent warning to the public about a surge in cybercriminals exploiting “Remember-Me” cookies to gain unauthorized access to email accounts. Cybercriminals are increasingly using these cookies, small pieces of data stored on a user’s computer after logging into a website, to circumvent security measures, including passwords and multifactor authentication (MFA).

According to the FBI, cybercriminals are specifically targeting “Remember-Me” cookies, which allow users to stay logged in without re-entering credentials or MFA details each time they access their accounts. “Cybercriminals are gaining access to email accounts by stealing cookies from a victim’s computer,” the FBI states, explaining that these cookies are often stored for 30 days, depending on the site’s settings.

Remember-Me cookies

Image: FBI

These cookies, typically generated when users check the “Remember this device” box while logging in, store login session data to ease future logins. However, if a cybercriminal manages to obtain these cookies from a recent login session, they can access a user’s account as if they were the legitimate owner, bypassing any need for a password or MFA. The FBI cautions, “If a cybercriminal obtains the Remember-Me cookie from a user’s recent login to their web email, they can use that cookie to sign-in as the user without needing their username, password, or multifactor authentication.”

In many cases, victims unknowingly expose themselves to cookie theft by visiting malicious websites or clicking on phishing links. These tactics can install malware on the user’s device, which then captures and transmits cookies to the attacker. “Victims unknowingly provide their cookies to cybercriminals when they visit suspicious websites or click on phishing links that download malicious software onto their computer,” warns the FBI.

The FBI recommends several preventative measures:

  • Clear your cookies regularly: Regularly deleting cookies from your browser can prevent criminals from obtaining stored login information.
  • Think twice before clicking “Remember Me”: While convenient, this feature increases your risk if your device is compromised.
  • Avoid suspicious links and websites: Only visit websites with secure connections (HTTPS) to protect your data.
  • Monitor your login history: Regularly check your account settings for any unrecognized device logins.

Related Posts: