What is Cookiejacking?
“Cookiejacking” may sound like someone taking a bite out of that delicious chocolate chip cookie you were planning to have after lunch, but it is actually an online security risk that could lead to your personal information falling into the hands of a cybercriminal.
But to understand this risk, you first need to know about Internet cookies. An Internet cookie is a small text file that gets stored on your computer or mobile hard disk from a website that you have previously visited, so the next time you’re on that site, it alerts the site that you’re back.
The cookie holds information such as an identifier the site assigns to you, and any preferences or personal information you may have shared with that website, such as your name and email address. Cookies are the reason why you may see a message that says “Welcome back, John” when you revisit a website.
Now that you know what an Internet cookie is, you can better understand cookiejacking. This is when your device’s cookies are stolen, potentially giving thieves access to the information they hold.
This can be problematic when the cookies stored on your computer contain sensitive and personal data, such as your bank login information and social media account passwords. A cybercriminal could use the stolen information to access your accounts or impersonate you.
Of course, clicking on links in malicious emails or on risky websites increases the odds that you could fall victim to cookiejacking, so the more dangerous clicking you do, the more at risk you are.
How do you avoid cookiejacking?
Here are a few simple tips to help you avoid falling victim to this security concern:
- Be careful where you click—Especially when playing games on social networks since this could be a trap set by a cookiejacker; all of your clicking will enable the thief to steal your cookies. Also be wary of links in emails, text messages and instant messages, especially if they’re from people you don’t know personally.
- Use a safe search tool—Utilize a free browser plug-in, like McAfee® SiteAdvisor® that warns you if you are going to a risky site. For Android users, this feature is available as part of the free McAfee Mobile Security.
- Consider using private browsing mode—The private browsing mode prevents access to cookie files already saved on your device, but more importantly, it stores cookies for the active session in memory. This means that a page crafted for cookiejacking cannot access older cookies nor active ones, because there is no path to them.
- Install comprehensive security on all your devices—Make sure you protect all your devices with security like McAfee LiveSafe™ service that includes anti-malware, anti-spam, anti-phishing and a firewall so that you are less likely to be a click-jacking victim.
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.