Login
As an avid internet surfer, you’ve most likely heard of cookies. No, we’re not talking about the ones filled with chocolate chips. We’re talking about the ones that allow you to log in to your favorite websites. Cookies may impact your online security, so check out these tips to manage them and keep your online accounts safe.
Ever wonder how a website saves the items you placed in your shopping cart last week, even though you closed the tab before making the purchase? This is made possible by cookies. According to the Federal Trade Commission, a cookie is information saved by your web browser. When you visit a website, the site may place a cookie on your web browser so it can recognize your device in the future. If you return to that site later, it can read that cookie to remember you from your last visit, keeping track of your activities over time.1
Cookies come in either the first-party or third-party variety. There’s no difference between the two in how they function, but rather in where and how you encountered them. First-party cookies belong to sites you visited first-hand in your browser. Third-party cookies, or “tracking cookies,” generally come from third-party advertising websites.
Although cookies generally function the same, there are technically two different types of cookies. Magic cookies refer to packets of information that are sent and received without changes. Historically, this would be used to log in to a computer database system, such as an internal business network. This concept predates the modern cookie we use today.
HTTP cookies are a repurposed version of the magic cookie built for internet browsing and managing online experiences. HTTP cookies help web developers give you more personalized, convenient website experiences. They allow sites to remember you, your website logins, and shopping carts so you can pick back up where you left off from your last visit. However, cybercriminals can manipulate HTTP cookies to spy on your online activity and steal your personal information.
Cookie hijacking (also known as session hijacking) is typically initiated when a cybercriminal sends you a fake login page. If you click the fake link, the thief can steal the cookie and capture anything you type while on the fraudulent website. Like a phishing attack, cookie hijacking allows a cybercriminal to steal personal information like usernames, passwords, and other important data held within the cookie. If you enter your information while on the fake website, the criminal can then put that cookie in their browser and impersonate you online. They may even change your credentials, locking you out of your account.
Sometimes, criminals initiate cookie hijacking attacks without a fake link. If you’re browsing on an unsecured, public Wi-Fi connection, hackers can easily steal your data that’s traveling through the connection. This can happen even if the site is secure and your username and password are encrypted.
Because the data in cookies doesn’t change, cookies themselves aren’t harmful. They can’t infect computers with viruses or malware. But if your cookies are hijacked as part of a cyberattack, a criminal could gain access to your browsing history and use cookies as the key to enter your locked accounts. For example, a hacker may steal your identity or confidential company information, purchase items in your online shopping carts, or loot your bank account.
Preventing cookie hijacking attacks can allow you to browse the internet with greater peace of mind. Follow these tips to not only safeguard your personal information but to also enhance your browsing experience:
Make it a habit to clear your cookie cache regularly to prevent cookie overload, which could slow your search speeds. Also, almost every browser has the option to enable/disable cookies on your computer. So if you don’t want them at all, your browser’s support section can walk you through how to disable them.
Although it’s convenient to not have to re-type your credentials into a website you frequently visit, autofill features could make it easier for a criminal to extract your data with cookie hijacking. Plus, autofill is risky if your physical device falls into the wrong hands. To browse more securely without having to constantly reenter your passwords, use a password manager like McAfee True Key. True Key makes it so you only have to remember one master password, and it encrypts the rest in a vault protected by one of the most secure encryption algorithms available.
Strong, unique passwords for each of your accounts, updated regularly, offer ample protection against hackers. Multi-factor authentication (MFA) adds yet another layer of security by double-checking your identity beyond your username and password, usually with a texted or emailed code. When your accounts offer MFA, always opt in.
Criminals can hijack your cookies if you’re browsing on an unsecured, public Wi-Fi connection. To prevent a criminal from swiping your data, use a virtual private network (VPN), a service that protects your data and privacy online. A VPN creates an encrypted tunnel that makes you anonymous by masking your IP address while connecting to public Wi-Fi hotspots. This is a great way to shield your information from online spies while you’re banking, shopping, or handling any kind of sensitive information online.
McAfee LiveSafe is an antivirus solution that protects your computer and mobile devices from suspicious web cookies by:
The post What Are Browser Cookies and How Do I Manage Them? appeared first on McAfee Blog.
It’s fun to jump on our favorite social media sites such as Facebook, Instagram, or LinkedIn and know we can quickly check in with friends and family, discover interesting content, and instantly connect with colleagues worldwide. The last thing on most of our minds when tapping our way into these familiar online communities is being the target of cybercrime.
But it’s happening more and more.
Last month, The Federal Trade Commission (FTC) described popular social media sites as “goldmines” for malicious attacks. The FTC revealed that more than one in four people who reported losing money to fraud in 2021 said it started on social media with an ad, a post, or a message. More than 95,000 people reported about $770 million in losses to fraud initiated on social media platforms in 2021. According to the FTC, those losses account for about 25 percent of all reported losses to fraud in 2021 and represent a stunning eighteenfold increase over 2017 reported losses.
The social environment is a magnet for bad actors because people of every age and country flock there each day. The constant flow of conversation and content—and more importantly, the climate of trust—makes social networks juicy targets for cybercrime.
The biggest motivation? The emerging digital security threat of cryptojacking (aka illegal cryptomining). Cryptojacking is illegally accessing another person’s computer power to mine cryptocurrency. Cybercriminals do this by getting a victim to click on a malicious link delivered via direct message, a news story, or an ad. Once clicked, that link loads crypto mining code on the victim’s computer or leads them to an infected website or online ad with JavaScript code that auto-executes once it’s loaded in the victim’s browser. Often the malware goes undetected, and the only way a victim might know their system has been compromised is that it may start performing more slowly.
While bad actors use social media platforms to distribute cryptomining malware, they also spread other malware types such as advertisements, faulty plug-ins, and apps that draw users in by offering “too good to be true” deals. Once clicked on, the malware allows cybercriminals to access data, create keyloggers, release ransomware, and monitor social media accounts for future scamming opportunities.
Be sure your kids understand the risks and responsibilities associated with device ownership. Consider putting time aside each week to discuss crucial digital literacy topics and ongoing threats such as cryptomining malware. Consider a “device check-in” that requires each person in your family to “check off” the following security guidelines.
To help protect your family devices from viruses, malware, spyware, and other digital threats entering social media sites, consider adding extra security to your family devices with McAfee Total Protection.
Avoid posting home addresses, full birth dates, employer information, school information, as well as exact location details of where you are.
Install software updates so that attackers cannot take advantage of the latest security loopholes.
Select passwords that will be difficult for bad actors to guess and use different passwords for different programs and devices.
For a virus to solve cryptographic calculations required to mine cryptocurrency requires an enormous amount of computer processing power (CPUs). Cryptojacking secretly consumes a victim’s processing power, battery life, and computer or device memory. Look out for a decline in device processing speed.
Be careful when accepting friend requests, direct messages, or clicking on links sent by someone you don’t know personally. This is one of the most popular ways cybercriminals gain access.
Be discerning even when a known friend sends you a second friend request claiming they’ve been hacked. Search known names on the platform for multiple accounts. Cybercriminals have been known to gather personal details of individuals, pose as that person, then connect with friend lists using familiar information to build trust with more potential victims.
Be sure to report any fraudulent activity you encounter on social platforms to help stop the threat from spreading to other accounts, including friends and family who may be connected back to you.
New scams and more sophisticated ways to steal data—and computer processing power for illegal cryptomining—surface daily. Staying in front of those threats and folding them into your family dynamic is one of the most powerful ways to give your kids the skills and security habits they will need to thrive in today’s digital world.
The post Social Media: How to Steer Your Family Clear of Cryptomining Malware appeared first on McAfee Blog.
Cryptocurrency enthusiasts are flocking to the Wild West of Bitcoin and Monero to cash in on the recent gold rush. Bitcoin’s meteoric rise in value is making coin mining an appealing hobby or even a whole new career. Coin mining software is the main tool in a prospector’s belt.
Some coin miners, also known as cryptocurrency miners, are tempted by the dark side of the industry and resort to nefarious means to harness the immense computing power needed for cryptocurrency profits. Greedy cryptocurrency criminals employ a practice called cryptojacking, stealing the computer power of unsuspecting devices to help them mine faster. Your device could be at risk at being recruited to their efforts.
Let’s dig into how coin mining programs work, why they turn malicious, and how you can stay safe from cryptojackers.
Mining cryptocurrency takes a lot of time and computer processing power. A coin mining home setup requires a graphics processing unit (GPU) or an application-specific integrated circuit (ASIC). Coin mining software then runs off the GPU or ASIC. Each central processing unit (CPU), or the brain of the computer, plus the GPU or ASIC is referred to as a mining rig.
Once the software is installed, the rig is ready to mine, running mathematical calculations to verify and collect new cryptocurrency transactions. Each calculation is known as a hash, and hash rates are the number of calculations that can be run per second.
From there, casual miners may choose to join a mining pool, which is a club of miners who agree to consolidate their computing power and split the profits based on how much work each miner contributed to the output.
Bitcoin rewards miners every 10 minutes for their efforts. Each time miners solve a string of mathematical puzzles, they validate a chain of transactions, thus helping make the entire Bitcoin system more secure. Miners are paid in bitcoin and they also receive a transactional fee.
While coin mining typically starts off as a casual hobby, coin mining programs can turn malicious when cryptocurrency miners want to earn more without investing in boosting their own computing power. Instead, they reroute their targets’ computing power without asking. This is called cryptojacking.
Mining requires incredible amounts of electricity and the more rigs involved; the more cryptocurrency can be mined. Usually, the utility bills and the cost of running coin mining software negates any profit. For example, a casual miner may have one rig devoted to mining. An average rig processes approximately 500 hashes per second on the Monero network (a type of cryptocurrency). However, 500 hashes per second translates to less than a dollar per week in traditional, or fiat, currency.
Greedy cryptocurrency criminals recruit CPU soldiers to their mining army to improve their hash rate. To do so, criminals download coin mining software to a device and then program it to report back to their server. The device’s thinking power is diverted from the owner and funneled straight to the criminal’s server that now controls it. Compromised devices run considerably slower and can overheat, and the strain on the device can eventually destroy it.
Cryptojackers are not your everyday thieves. Their target is your CPU power, and they employ devious methods to funnel it for their own use. Luckily, there are a few easy ways to thwart their efforts:
Personal devices are often infected through phishing within emails and texts. There are many tell-tale signs of a phishing message. For example, they are often poorly written and use language that indicates that the sender wants a hasty response. Also, phishing attempts often charade as official organizations, like banks and credit card companies. If you are ever suspicious of an email or text, do not open any of the links and do not reply. Instead, contact the organization’s customer support to verify the legitimacy of the message.
Another way miners gain access to personal devices is by camouflaging malicious code in pop-up ads. An easy way to avoid being cryptojacked is to simply never click on these ads. Or even better, install an ad blocker to help eliminate the risk.
Public wi-fi and poorly protected networks present a vulnerable entry point for cybercriminals to hack into your devices. Cybercriminals often attempt to download software remotely to your laptop, desktop, or mobile device to reroute its computing power for their own selfish gains. Always connect to a VPN like McAfee Safe Connect VPN to safely surf unsecure networks.
Cryptojacking code is inconspicuous and generally hidden in legitimate code. Antivirus software, such as McAfee Total Protection, is a recommended way to proactively scan for malware and even identify fraudulent websites. McAfee WebAdvisor has a Chrome extension that specifically blocks cryptojackers.
Be aware of the signs your devices have been cryptojacked. For example, monitor any changes in the speed of your devices and check out your utility bills for dramatic spikes. By remaining vigilant with these tips, you will keep your devices safe from cryptocurrency miners gone rogue.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Why Coin Miners Go Bad & How to Protect Your Tech When They Do appeared first on McAfee Blogs.
FreshRSS 