FBI tips: How to protect your email accounts from cybercriminals
As cybercriminals become more sophisticated, email users are increasingly at risk—even those who use multifactor authentication (MFA).
The FBI recently issued a warning to users of major email platforms such as Gmail, Outlook, AOL and Yahoo, highlighting a new tactic hackers are using to gain unauthorized access: “Remember-Me” cookies.
These “Remember-Me” or “session” cookies save login credentials, allowing users to stay logged in across browsing sessions without re-entering their details.
The FBI cautions that hackers are obtaining these cookies through phishing schemes, malicious websites and malware, allowing them to impersonate users without needing their login credentials or even their MFA codes.
To help users protect their accounts, the FBI recommends four specific actions:
Regularly clear cookies from your browser
One of the most essential practices is to regularly clear cookies from your internet browser. Cookies can accumulate over time, storing sensitive session data that can become vulnerable if attackers gain access to them. By clearing cookies periodically, you help minimize the chances of unauthorized access to your accounts.
Reconsider the “Remember Me” option
While this option is often convenient, allowing users to bypass repetitive logins, it also increases the risk that a stolen cookie could grant unauthorized access. Avoiding this feature on critical accounts can help reduce potential entry points for cybercriminals.
Avoid suspicious links and websites
Vigilance around links and websites is equally crucial. Cybercriminals often use phishing schemes to lure users into clicking malicious links or visiting compromised websites, where malware can be silently installed. The FBI advises sticking to links from trusted sources and looking for websites that use HTTPS encryption, which offers a more secure connection and better data protection.
Monitor recent logins
Most email providers allow users to see a list of devices that have recently accessed their accounts. Checking this list periodically can help you detect any suspicious activity early, enabling you to take swift action if necessary, such as updating passwords or logging out of unfamiliar devices.
While these security measures are particularly relevant to email platforms, the underlying risks extend to any online account where users log in. In an era of increasing cyber threats, simple yet proactive security practices like these are essential for keeping your online accounts safe.