Cookie Poisoning

Posted on February 27, 2016

NOCtalk

What do cookies have to do with someone gaining access to your bank account? Everything.

Hackers spend countless hours on the Internet listening and looking at Internet traffic in an attempt to intercept your cookies. A cookie, in this sense, is a small piece of information, usually in text format, that is downloaded to your computer when you visit websites. The cookie will often include an ID number, the website who issued it, and an expiration date and time. It can contain other information such as login names as well. Because of the text format, the information is very easy to read.

Typically your online banking session begins when you log into the site, and your computer is issued a cookie. The expiration time included on the cookie is a safety measure that automatically logs you out in case you forget and ensures uninvited guests can’t just open the door to your account. However, if you hit the “logout” button, it will end the session immediately, prompting anyone who attempts to access the account to login using proper credentials.

All that sounds fairly secure, and it normally is, but hackers can be pretty crafty. They developed a way of hacking those cookies to take over your session; it’s called cookie poisoning. This process allows a hacker to intercept your cookie and change it so they can access the session most beneficial to them, the one with all your most crucial information.

We all know we shouldn’t leave a secure site without properly logging out, but the incredible number of identity thefts prove we may be getting a little lax with our online lives.  In their 2015 Identity Fraud Study, Javelin Strategy & Research discovered that  $16 billionwas stolen from 12.7 million U.S. consumers in 2014.

Closing your screen without actually logging out of your account is like leaving your wallet on the dashboard of an unlocked car. Considering all the information we keep on the Internet these days, the effects of an improper logout are often more devastating than a stolen wallet. Taking the time to properly exit sensitive online accounts makes all the difference.

We encourage you to take those extra few seconds to log out before exiting the screen. Don’t let anyone get their hands in your cookie jar, stay safe, stay secure!

Design a Mobile Website
View Site in Mobile | Classic
Share by: