Cookies are small data sets that websites can use to recognize user behavior and accordingly design a personalized user experience. For example, some websites use cookies to identify the user via a unique session ID. This avoids logging on again on social networks. However, if third parties such as cyber criminals come into possession of this ID, they can intrude into other accounts and take control of them.
Even if the exact targets of the attackers remain in the dark, there are indications of the actual purpose of the attack because a website discovered on the same server advertises services for spreading spam via social media and messenger services. It can therefore be assumed that the cookie thieves may be looking for account access in order to spread spam and phishing the compromised accounts.
The combination of attacks enables cookie thieves to access user accounts without raising suspicion. This is still a new kind of danger, because so far only around 1,000 victims have been attacked. The number of victims will probably increase in the future, especially since the attacks can only be detected with great difficulty by the websites concerned. Even though we normally pay little attention to cookies when surfing the web, they represent another way of processing personal information. Whenever our data is collected online, we should be particularly careful.
Measures Against The Cookie Risk
To prevent cookie theft, the security experts make the following recommendations:
– Users should block access to cookies by third parties in the browsers used on Android smartphones. Data should only be saved until the end of browser use.
– Reliable security solutions such as Security Cloud have a private browsing function that prevents websites from collecting information about user activity.