New York
17
clear sky

Social Media

FBI Issues Urgent Alert: Hackers Bypass Multi-Factor Authentication to Access Email Accounts

Cybercriminals Finding Ways to Infiltrate Email Accounts The FBI has issued a new alert warning that cybercriminals are finding ways to infiltrate email accounts secured with multi-factor authentication (MFA), including popular services like Gmail, Outlook, AOL, and Yahoo. Attackers reportedly employ tactics that trick users into clicking on phishing links or visiting suspicious websites that …

Picture of By Bryan Simmons,

By Bryan Simmons,

Senior Reporter, The Midtown Times

Cybercriminals Finding Ways to Infiltrate Email Accounts

The FBI has issued a new alert warning that cybercriminals are finding ways to infiltrate email accounts secured with multi-factor authentication (MFA), including popular services like Gmail, Outlook, AOL, and Yahoo. Attackers reportedly employ tactics that trick users into clicking on phishing links or visiting suspicious websites that install malicious software.

A primary strategy used in these attacks is “cookie theft.” Unlike tracking cookies that store browsing information, these “session” or “remember me” cookies retain login credentials to simplify future access. If cybercriminals capture these cookies, they can access accounts without needing usernames, passwords, or even MFA codes.

According to the FBI and Google, any email service with web-based login options may be at risk of cookie-based attacks. However, Gmail, Outlook, Yahoo, and AOL users are particularly vulnerable. While some financial websites have implemented extra layers of security, email services remain highly targeted.

Google acknowledges that session cookies are integral to a seamless web experience, yet they have become an attractive target for hackers. When users select the “Remember this device” option, a session cookie is generated, potentially allowing unauthorized access if stolen. Google is actively developing new protections to link cookies to specific devices, which would render stolen cookies useless, though these measures are still in the works.

To help protect against these risks, the FBI advises users to regularly clear their cookies, use caution with “Remember Me” options, avoid suspicious links, and periodically review their account login histories. The FBI also encourages victims of cybercrime to report incidents through its Internet Crime Complaint Center (IC3).

Despite the challenges surrounding MFA breaches, the FBI stresses that MFA remains a strong security measure, with any form of MFA being better than none. However, passkeys—credentials tied to a secure device like a physical security key—provide an even stronger defense. Awareness of passkeys has been rising, growing from 39% in 2022 to 57% in 2024, according to the FIDO Alliance. Passkeys enhance security by requiring access to a user’s secure device, making unauthorized access much more difficult.

The FIDO Alliance report also reveals that 42% of users, particularly younger individuals, abandon purchases due to forgotten passwords. Passkeys offer a simplified alternative, often linked with biometric security, reducing reliance on traditional passwords.

To promote the adoption of passkeys among businesses, the FIDO Alliance has introduced draft specifications to facilitate transferring credentials across platforms, aiming to lessen the dependency on passwords and enhance security for both individuals and organizations. This initiative seeks to make passkeys a universal standard, addressing one of the biggest vulnerabilities in online security today.

“The Midtown Times – Your Go-To Online Newspaper for Everything New York.”

Advantages

Key Insight 1

Staying secure online is crucial. Here’s a critical point: Understanding the cybersecurity landscape empowers you to navigate safely. Always be aware of potential threats that could compromise your information.

Key Insight 2

Another vital aspect is maintaining software updates. Regular updates patch security flaws, making your devices less vulnerable to attacks. It’s essential for every user to stay proactive about their software health.

Key Insight 3

Phishing attacks are prevalent; awareness is your shield. Being able to identify malicious communications is one of the most effective defenses against cybercrime.

Key Insight 4

Creating strong, unique passwords is non-negotiable. They should involve a mix of characters, making it difficult for unauthorized users to guess them. Use a password manager if necessary to help!

The Midtown Times

The Midtown Times

The Midtown Times is committed to delivering accurate, timely, and comprehensive news to our readers. 
What to read next...

We live in a time of uncertainty and change. Profound social disruption, affecting how we work, how we learn or entertain ourselves, pose challenges to our social fabric as well as our physical and emotional well-being.

Investors and journalists compare today’s fashion for investing in cryptocurrencies (such as Bitcoin) to the American gold rush in the mid-19th century. Others compare the mania for digital currency to the Dutch tulip craze in the 18th century.

Three friends are celebrating becoming millionaires following the sale of a social media marketing business they started at university. They have sold Fanbytes, which says it helps brands win the hearts of youngsters.

Leave a Reply

Your email address will not be published. Required fields are marked *