FBI Warns: Cybercriminals Can Bypass MFA Using Cookie Theft
The FBI recently warned that cybercriminals are getting into email accounts—even if they’re protected by multifactor authentication (MFA). These attacks usually start when people are tricked into clicking on suspicious links or visiting unsafe websites, which download malware onto their devices.
The key to these attacks is cookie theft. Not the usual tracking cookies, but session cookies—the ones that keep you logged into sites without needing to enter your password every time. If hackers get ahold of these “Remember Me” cookies, they can log into accounts without needing your username, password, or MFA.
This issue affects all major email platforms like Gmail, Outlook, and Yahoo, but it also impacts other types of accounts, including shopping and financial sites. Though financial accounts often have extra protections, it’s still a serious threat.
The FBI suggests a few ways to protect yourself:
- Clear your browser cookies regularly to remove stored login info.
- Avoid the “Remember Me” option when logging into sensitive accounts.
- Be careful with links and sites—use only secure (https) sites to protect your data.
- Check your recent device login history to spot anything suspicious.
If you think your account may have been compromised, report it to the FBI’s Internet Crime Complaint Center.
Why MFA Still Matters
Even though cookie theft can bypass MFA, it’s still important to set up MFA on all accounts that offer it. MFA remains a powerful tool to protect against account hacks, especially when you’re cautious about what you download and click.
Amazon recently added MFA to its business email service—years after it became common elsewhere. The delay shows that security basics like MFA can take time to catch on, even for big companies.
While all MFA is helpful, some options are better than others. For example, passkeys—credentials linked directly to your device—are among the best. They make it nearly impossible for hackers to access your account without physical access to your device.
Good news: awareness of passkeys has grown. According to the FIDO Alliance, more people are now using passkeys, and this trend is making the internet safer. And soon, new standards may make passkeys even more accessible for businesses, giving them a way to move away from traditional passwords altogether.
By following the FBI’s advice and using MFA, you can make your online accounts much harder to hack.
I personally like to put in my own suggestions away from what the FBI says and what was posted on Forbes. When it comes to text messages, chats on programs like Skype and Discord, and especially emails, when someone posts a link for you to click, I don't care if it's your sister, uncle, brother, best friend, whoever it may be, be wary of the URL. You never know if they have been compromised, spoofed, or fell for it themselves and are expanding it. On my phone and tablets, I don't follow links at all. Unfortunately, there is no way to verify the links to know that they aren't sending you a link that visually looks like it's going to site A, but instead, when you click on it, it brings you to site B. For example:
This link looks like it will send you to My site, but in reality, it brings you to the Evo Xtreme CMS site.
I did that with BBCode, and it's just as easy to do with HTML. So, if you are on a PC, before clicking a link, mouse over it and look at the lower left of your screen; it should show you the actual URL of where it is going to bring you. I can't stress that enough, and these scams happen all the time. I get maybe 30 a week between emails, messages on Discord, Skype, and even text/phone messages. Now, you may think, "I already know this, I don't fall for these." Well, everyone is human and all it takes is one slip. Even Linus, owner of LTT, fell for it. Here is a big tech YouTuber who knows better, but the right situation happened and, because of events going on, caused him to slip. Here are a couple of videos on it if you feel like watching.
Linus & Luke Talk about it: Wan Show:
John Hammond Breakdown:
With the holidays approaching and online threats on the rise, it’s crucial to stay aware and protect yourself.
Just yesterday, I had an interesting chat while waiting at the doctor’s office. I noticed a woman logging into her banking app on the public Wi-Fi and gently mentioned that, for security, it’s best to avoid doing that. We got into a discussion about how easy it can be for someone to monitor public networks and intercept sensitive information. I told her that public Wi-Fi is fine for casual browsing or watching videos, but when it comes to logging into secure accounts or entering passwords, it’s much safer to switch to mobile data.
As we talked, another patient and his daughter joined in. The daughter mentioned her computer science teacher warns about this exact issue, too. They were both grateful, realizing they had been taking risks without even knowing it. We ended up going into the various ways that are common for attacks and what to watch out for. I remember a few years ago, the scam callers were calling saying they were from Microsoft and my account had some issues. I like messing with them, telling them that it's amazing that Microsoft was calling me, and I felt so special that they would call me to tell me that I have a critical issue with my Linux distro, and were they willing to help me resolve the issue that isn't even with their OS. (Just an FYI, I don't use Linux ATM, just Windows 10, for now.) Sometimes they would try to play it off, other times they just hung up. The last 2 weeks, I have had maybe 10 calls from "Medicare", calling me to tell me that I have an issue on my account. First, they didn't know who I was, never asked for anyone. Those people I just call pathetic scammers that really need to work on their story before calling. There is more I say, but I don't want to type it, for some of you may have a different opinion of me.
Unfortunately, it's a problem that doesn't have a simple solution, and with new tools like AI, it's just going to get harder to catch and combat.
Overall, protect yourself and question everything.
A few hours after posting this, Scammer Payback released a video that talks about some of what I wrote about. You should really watch it.
Great stuff, thanks for this.
n/p. With the holidays coming up, this is a threat that people do need to be made aware of.