Google's Gmail, the world's most popular email service with over 1.8 billion users expected by 2024, is facing increased cybersecurity threats. Cybercriminals are exploiting a vulnerability related to session cookies, allowing them to bypass two-factor authentication and gain unauthorized access to user accounts.
This alarming trend begins with victims falling prey to phishing attacks, either by visiting fraudulent websites or clicking on malicious links. Once malware is downloaded, hackers can steal login cookies, which store access credentials, enabling them to infiltrate accounts without needing usernames or passwords.
The FBI recommends several protective measures: regularly deleting browser cookies, avoiding the 'Remember this device' option during logins, accessing only secure (HTTPS) websites, and periodically reviewing account login histories.
In response to these threats, Google acknowledges the widespread impact of cookie theft on its users and is actively working on new security solutions. The company recognizes that security cookies are increasingly lucrative targets for cybercriminals and anticipates that this issue will escalate over time.