Google provides a wide array of free services, so extensive that it is nearly impossible not to be a user of the company. Through its search engine—the most used globally—Google offers numerous platforms, such as Gmail, Google Maps, and YouTube, to name the most famous ones.
This makes Gmail the most popular email service worldwide—at the very least, users need an account to access other services provided by the tech giant. According to ‘Demandsage’ data, Gmail is projected to have over 1.8 billion users globally in 2024, a fact that has not gone unnoticed by cybercriminals.
Gmail is one of the prime targets for criminals to send fraudulent emails and is now the basis for a new fraudulent method that can compromise Gmail accounts and everything associated with them, including social media, platform accounts, or even banking communications, as reported by the Spanish newspaper ‘El Economista.’
According to cybersecurity experts from the FBI, there has been an increase in attacks exploiting a vulnerability related to session cookies. Through this method, hackers can bypass even two-factor authentication systems, which were previously one of the most robust and effective security measures.
Like most attacks, this begins with user error, such as accessing a fraudulent website or clicking on a malware-laden link. In either case, malicious software is downloaded onto the device, enabling the attack.
This software allows hackers to steal login cookies, which are essentially files that store our login data so we don’t have to repeatedly enter passwords. By replicating these cookies, attackers gain access to all accounts marked with “Remember on this device” without needing to know the username, password, or two-factor authentication codes.
The FBI’s recommendations for protection include:
- Regularly delete cookies from your internet browser.
- Avoid selecting the “Remember on this device” option when logging in.
- Only access websites with secure connections (HTTPS).
- Periodically review your login history in your account settings.
Google has acknowledged that cookie theft affects users across the web and is actively working on new solutions. The company believes that security cookies are a lucrative target for attackers and warns that this issue will likely worsen over time.
Executive Digest, 11/07/2024
