FBI Warns: Hackers Bypassing Email Security on Gmail, Outlook, and Yahoo—How to Protect Your Account

November 4, 2024
FATAL

The FBI recently issued a warning for email users on platforms like Gmail, Outlook, Yahoo, and AOL about new hacking techniques that can bypass multifactor authentication (MFA). Hackers are exploiting “cookie-stealing” tactics to gain access to email accounts even when MFA is enabled, allowing them to hijack user sessions without needing usernames, passwords, or verification codes.

Here’s how the attack works: users are tricked into clicking on harmful links in emails or online ads, which download malware to their devices. This malware steals session cookies—tiny files that remember your login status—enabling hackers to bypass standard security and enter accounts freely. Once inside, they may use these accounts to carry out scams or access sensitive data.

To keep accounts secure, the FBI advises:

Clear Browser Cookies Regularly: Cookies store login info, so removing them regularly adds an extra layer of security.
Avoid “Remember Me” on Logins: Although convenient, this feature increases the risk of cookie-based attacks.
Be Careful with Links: Only click on links from known sources, and avoid suspicious ads or pop-ups.
Check Login Activity: Regularly reviewing recent account logins can help you spot suspicious activity early.

Additionally, the FBI encourages users to consider passkeys, a new security option that ties login information directly to your device, making it harder for hackers to infiltrate. This method is currently seen as more secure than traditional MFA.

If you notice suspicious activity or think your account may be compromised, report it immediately to the FBI’s Internet Crime Complaint Center (IC3). By following these steps and staying alert, users can better protect their email accounts from unauthorized access.