Important Security Alert: Protect Your Personal Email Accounts

Memo

Nov 13

We are writing to inform you about a recent security warning issued by the FBI regarding a new method hackers are using to target users of popular email platforms such as Gmail, Outlook, AOL, and Yahoo.

Cyber threat actors are utilizing a technique known as “session cookie theft” to gain unauthorized access to email accounts. This method allows hackers to bypass multi-factor authentication (MFA) by stealing “remember-me” cookies that store authentication details. Once these cookies are obtained, hackers can access your email accounts without needing your password or MFA code.

A cookie can only be stolen via two ways: via your computer, or via the network you are using to communicate with the internet.

To protect yourself from this threat, we recommend the following actions:

Protect your computer and accounts by:

Keep your browser and operating system up to date to protect against known vulnerabilities. Do not delay updates when they are offered.
Use a good anti-malware system on your personal devices (including Apple Macs) such as: Sophos, Bitdender, and ESet.
Be Cautious with “Remember Me” Options: Do not use “Remember Me” on public or shared devices.
Monitor Account Activity: Regularly check your account activity for any unauthorized access or unusual behavior. For Google email: https://myactivity.google.com/myactivity/

Protect your network access by:

Use a personal VPN service such as NordVPN for all network access that prevent network-based cookie theft, and block access to known bad sites. https://nordvpn.com/pricing/
Configure your home networks to use a DNS service that blocks access to known bad sites such as Cloudflare for families https://developers.cloudflare.com/1.1.1.1/setup/

How Do You Know If You’re Being Targeted?

Early detection of cookie theft helps protect your online accounts and personal information. Understanding the subtle signs of compromised cookies can help you take quick action to secure your network and data further or avoid identity theft and financial implications.

You may be a victim of cookie theft if you:

Detect suspicious account activity: Look for unauthorized logins, posts, or transactions on your online profiles that you did not initiate.
Receive unexpected password reset notifications: Identify unrequested password reset messages as potential evidence of exploited access.
Discover unforeseen changes to settings: See if your email addresses, phone numbers, or credentials have been changed without your permission.
Experience repeated logouts: Observe if you’re constantly and abruptly getting logged out of an account, as it may be a sign of session hijacking.
Get unusual login notifications: Look for alerts regarding logins from unknown devices or places, which could indicate unwanted access.
Spot strange network traffic: Monitor unexpected data transfers or connections to unknown servers, which may indicate cookie-related compromises.
Observe random browser behavior: Notice if your browser redirects to suspicious sites or behaves weirdly. This could indicate unwanted interference.
Receive security software alerts: Inspect any antivirus or security software alerts regarding detected network threats or suspicious activities in your browser.
Notice increased spam or phishing messages: Examine if there’s a surge in spam or phishing attempts that could be targeting accounts via stolen cookies.
Find unidentified devices in security logs: Look for new devices in your account’s security settings that you don’t recognize, which could indicate unauthorized access. For our clients who have subscribed to Seraphic, it provides an additional layer of protection to your company-owned devices by encrypting the session cookies so that they cannot be used by a 3rd parties.