Cookie theft: From stolen credit card details to extortion

Issue 4 2021 News & Events

New research by NordLocker demonstrates that the cookies your browser stores when you visit various websites can get easily snatched by computer viruses. According to the latest discovery, over 2 billion cookies from popular online services like AliExpress, Amazon, Facebook, Dropbox and YouTube were stolen from unaware users’ machines by custom Trojan malware.

“Cookies give you a tailored online experience with more relevant content. For example, online shopping cookies let the website keep track of all the items you place in your cart while you continue to browse,” explains Oliver Noble, a cybersecurity expert at NordLocker. “However, cookies can also help cybercriminals construct a detailed picture of you, including your location, interests and habits. If hackers hijack your cookies, they might impersonate you and even get into your online accounts.”

How can cybercriminals use your cookies?

Cookies, small text files containing data about your interaction with a website, often get hacked when a user logs in to their online accounts over unprotected public Wi-Fi networks or unintentionally downloads malware onto their device. Different cookies store different data, which, when leaked, can cause different problems to a victim.

“Luckily, hackers won’t be able to empty your bank account with the cookies stolen from your online banking session due to strong security measures. However, bad actors can learn important details about the bank you use and timestamps of your transactions. This data can be used in phishing scams, when hackers contact unaware users pretending to be the bank’s representatives to trick their victims into giving away their personally identifiable information,” Noble explains.

Stolen cookies can be used in extortion scams, too. For example, NordLocker’s research found that malware stole millions of YouTube, Netflix and Pornhub cookies. “In video streaming services, cookies provide you with an enjoyable experience as they remember what videos you’ve already watched and which ones you might be interested in watching next. However, they also reveal your location, timestamps, site preferences and your search history – all of which could provide grounds for extortion if a hacker decided to share information with your employer that you’ve been watching inappropriate content during work hours,” warns Noble.

Cybercriminals pretending to be you on social media and sending spam to your contacts is unpleasant, but what is more worrying is when they get into your online accounts where you store your personal information, such as home address and credit card details. To avoid falling victim to cookie theft or session hijacking, you need to follow some cyber hygiene steps.

How to avoid risks associated with website cookies?

* Don’t accept cookies. If you don't want cookies to hold information about you, decline them. Some websites won’t let you access their content, but, for the most part, you'll still be able to access the majority of the Internet without accepting cookies.

* Delete your cookies and block any future ones in your browser’s settings if you don’t like the idea of being tracked and traced.

* Only accept cookies on sites you trust to be safe and secure. A little padlock symbol and the URL starting with “https://” (“s” stands for “secure) means that the connection between the website server and your web browser is encrypted.

* Don’t store your valuable information in your online shopping accounts. Better spend another minute or two typing your credit card details and home address every time you shop online than risk getting this information compromised in cookie theft.

* Refrain from unsecure websites and unprotected public Wi-Fi networks. Use the latter for Internet browsing only, but, if you must log in to your personal accounts, protect your connection with a VPN (virtual private network).




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
The rise of AI-powered cybercrime and defence
Information Security News & Events AI & Data Analytics
Check Point Software Technologies launched its inaugural AI Security Report, offering an in-depth exploration of how cybercriminals are weaponising artificial intelligence (AI), alongside strategic insights defenders need to stay ahead.

Read more...
From the editor's desk: We’ve only just begun
Technews Publishing News & Events
The surveillance market has expanded far beyond the analogue days of just recording and/or monitoring screens. The capabilities of surveillance technology today extend to black screen monitoring with ...

Read more...
SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...
Strong industry ties set Securex South Africa apart
News & Events Training & Education
Securex South Africa, co-located with A-OSH EXPO, Facilities Management Expo, and Firexpo, is a meeting place of minds, where leading security, safety, fire, and facilities professionals come together, backed by strong ties with the industry’s most influential bodies.

Read more...
Connected commercial drone market to reach US$37.3 billion
News & Events Commercial (Industry) IoT & Automation
The global market for connected commercial drones is forecast to grow from US$18.6 billion in 2024 at a compound annual growth rate (CAGR) of 15% to reach US$37.3 billion in 2029

Read more...
Phishing attacks through SVG image files
Kaspersky News & Events Information Security
Kaspersky has detected a new trend: attackers are distributing phishing emails to individual and corporate users with attachments in SVG (Scalable Vector Graphics) files, a format commonly used for storing images.

Read more...
Fully-integrated browser AI
News & Events
Opera Mini now provides all its smartphone users with its own free built-in browser AI, Aria, including AI chat, Ask Aria and image generation. According to an Opera survey, 80% of South Africans want AI tools integrated into their browser.

Read more...
Amendments to the Private Security Industry Regulations
Technews Publishing Agriculture (Industry) News & Events Associations
SANSEA, SASA, National Security Forum, CEO, TAPSOSA, and LASA oppose recently published Amendments to the Private Security Industry Regulations regarding firearms.

Read more...
Local innovation driving excellence in FM
Securex South Africa News & Events
As organisations seek cost-effective, sustainable, and high-quality solutions, home-grown facilities management innovation is proving to be a critical driver of operational efficiency and long-term success.

Read more...