Chocolate chip, oatmeal raisin, snickerdoodle: Cybercriminals have a sweet tooth just like you. But their favorite type of cookie is of the browser variety.

Browser cookies – often just referred to as cookies – track your comings and goings on websites. And when a cyber thief gets their mitts on your browser cookies, it can open all kinds of doors into your online accounts.

The first step to protecting your devices and online privacy from criminals is to understand their schemes. Here are the key terms you need to know about cookie theft plus how to keep malicious software off your devices.

Key Cookie Theft Terms You Should Know

Cookie theft can happen to anyone. Knowing the basics of this cyberscheme may help you better protect your online life:

  • Browser cookie. A small collection of data your internet browser stores every time you visit a website. When your browser stores this data, it makes it quicker for you to log back into a website or for a website to customize its suggestions for you the next time you visit.
  • Cache. Like a mouse scurrying away a pile of sweet treats, your device hoards – or caches – all the cookies you gather from websites you visit. Your cache of cookies will grow continually until you clear it out. If your cache grows too large, it could slow down your device, affect performance, or tax your battery power.
  • Multifactor authentication. MFA is a way to log in to an online account that requires additional forms of identification beyond a username and password. It could require biometric identification (like a face or fingerprint scan), a security question, or a one-time code.

How and Why Do Criminals Steal Browser Cookies?

Cookies thieves are generally motivated by the financial gains of breaking into people’s online accounts. Banking, social media, and online shopping accounts are full of valuable personal and financial details that a cybercriminal can either sell on the dark web or use to impersonate you and steal your identity.

Malware is generally the vehicle cybercriminals use to steal cookies. Once the malicious software gets onto a device, the malware is trained to copy a new cookie’s data and send it to the cybercriminal. Then, from their own machine, the cybercriminal can input that data and start a new session with the target’s stolen data.

There was a stretch of a few years where cookie thieves targeted high-profile YouTube influencers with malware spread through fake collaboration deals and crypto scams. The criminals’ goal was to steal cookies to sneak into the backend of the YouTube accounts to change passwords, recovery emails and phone numbers, and bypass two-factor authentication to lock the influencers out of their accounts.1

But you don’t have to have a valuable social media account to draw the eye of a cybercriminal. “Operation Cookie Monster” dismantled an online forum that sold stolen login information for millions of online accounts gained through cookie theft.2

Best Practices for Secure Browsing

To keep your internet cookies out of the hands of criminals, it’s essential to practice safe browsing habits. These four tips will go a long way toward keeping your accounts out of the reach of cookie thieves and your devices free from malicious software.

  1. Set up MFA. MFA may seem like it’ll slow down your login process, but really, the extra seconds it takes are well worth it. Most people have their phone within arm’s reach throughout the day, so a texted, emailed, or authentication app-generated code is easy enough to access. Just remember that a reputable company will never ask you for one-time codes, so these codes are for your eyes only. MFA makes it extremely difficult for a criminal to log into your accounts, even when they have your password and username. Without the unique code, a bad actor is locked out.
  2. Watch out for phishing attempts and risky websites. Cookie-stealing malware often hops onto innocent devices through either phishing lures or through visiting untrustworthy sites. Make sure to carefully read every text, email, and social media direct message. With the help of AI content generation tools like ChatGPT, phishers’ messages are more believable than they were years ago. Be especially diligent about clicking on links that may take you to risky sites or download malicious files onto your device.
  3. Clear your cache regularly. Make it a habit to clear your cache and browsing history often. This is a great practice to optimize the performance of your device. Plus, in the case that a cybercriminal does install cookie-stealing malware on your device, if you store hardly any cookies on your device, the thief will have little valuable information to pilfer.
  4. Use a password manager. While a password manager won’t protect your device from cookie-stealing malware, it will lessen your dependence upon storing valuable cookies. It’s convenient to already have your usernames and passwords auto-populate; however, if your device falls into the wrong hands these shortcuts could spell trouble for your privacy. A password manager is a vault for all your login information for your dozens of online accounts. All you need to do is input one master password, and from there, the password manager will autofill your logins. It’s just as quick and convenient, but infinitely more secure.

Lock Up Your Cookie Jar

McAfee+ is an excellent partner to help you secure your devices and digital life. McAfee+ includes a safe browsing tool to alert you to suspicious websites, a password manager, identity monitoring, and more.

The next time you enjoy a cookie, spare a moment to think of cookies of the digital flavor: clear your cache if you haven’t in awhile, doublecheck your devices and online accounts for suspicious activity, and savor the sweetness of your digital privacy!

1The Hacker News, “Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts”

2CNN, “‘Operation Cookie Monster:’ FBI seizes popular cybercrime forum used for large-scale identity theft”

Introducing McAfee+

Identity theft protection and privacy for your digital life

#Cookie #Theft #Cybercriminals #Accounts

Vanquishing aliens, building virtual amusement parks, mashing buttons in online battles royale. For some, playing video games is a way to unwind from the day and momentarily journey to new worlds. Others game because they love the competition or enjoy participating in the online community around their favorite game.  

But just like other online realms, gaming isn’t free of cybercriminals. Cybercriminals take advantage of highly trafficked online gaming portals to make a profit on the dark web.  

The next time you log on to your virtual world of choice, level up your gaming security to protect your device and your personally identifiable information (PII).   

Why Do Cybercriminals Target Gamers? 

Gaming companies host a trove of valuable information. Gamers trust these platforms with their payment information, personal details, passwords, and with the safety of their gaming characters on which they spend thousands of hours and hundreds of dollars upgrading.  

Cybercriminals also target gamers through malware disguised as an advantage. Cheat software for online games is common as players strive to be the best among their opponents. For instance, a malware scam targeted players seeking an advantage for “Call of Duty: Warzone.” The malware creators advertised the “cheat software” on YouTube with instructions on how to download it. The video received thousands of views and hundreds of comments, which made it look legitimate.  

One of the steps in installing the “cheat software” was that users had to disable antivirus programs and firewalls. Users let the cybercriminals walk right into their device! From there, an aggressive type of fileless malware called a dropper infected the device. A dropper doesn’t download a malicious file; rather, it creates a direct pathway to deliver an additional payload, such as credential-stealing malware.1  

5 Gamer Security Tips 

Competitive gaming is, well, competitive. So, if you invest a lot of real money into your characters, be especially vigilant and follow these five important tips to protect your online accounts. 

1. Do not reveal personal information

It’s common for gamers to use variations of their real names and birthdates in their public-facing usernames. Doing this could reveal personal information that you’d rather keep private. Consider using a nickname or a combination of random numbers instead. Along this same vein, don’t reveal personal details about yourself (phone number, hometown, places you visit regularly, etc.) on chats or streams. Lurking cybercriminals can gather these personal details to impersonate you. 

2. Edit your privacy settings 

On some online PC games, you can join campaigns with gamers from all over the world. While the interconnectivity is great, carefully vet who you allow to follow your online profile. If a stranger sends a friend request out of the blue, be on alert. They could have nefarious motives, such as phishing for valuable data. It’s best to customize your privacy settings to make your profile invisible to strangers.  

3. Don’t pirate games or download cheat software

Developers spend a lot of time creating amazing games, so make sure you purchase games legally and play them as they are intended. Research revealed that cracked versions – or unauthorized versions – of popular games sometimes hid ChromeLoader malware, which has the ability to steal credentials stored in internet browsers. Cracked versions of Call of Duty, Elden Ring, Dark Souls 3, Red Dead Redemption 2, and Roblox were found to be harboring malware.2  

Be especially wary of free downloads and cheat software. Instead, go for a challenge and have fun with the game as it’s written.  

4. Log in with a VPN

A virtual private network (VPN) scrambles your online data traffic, foiling nosy digital eavesdroppers you may encounter while online gaming. A VPN makes it nearly impossible for anyone to access your IP address or spy on your online browsing. 

5. Protect your device with antivirus software 

Antivirus software can make your online gaming experience more secure. McAfee antivirus software, which is included in McAfee+, provides real-time threat protection, which means your devices are covered with 24/7 protection from ever-evolving malware and online threats. 

1Ars Technica, “Malicious cheats for Call of Duty: Warzone are circulating online 

2TechRadar, “Be very careful when downloading these games online – they could be malware 

Introducing McAfee+

Identity theft protection and privacy for your digital life

#Online #Gaming #Tips #Stay #Safe #Cybercriminals

Kecerdasan buatan (AI) ngembang tina laboratorium téknologi luhur sareng plot Hollywood janten tangan masarakat umum. ChatGPT, alat generasi téks, ampir henteu peryogi perkenalan sareng generator seni AI (sapertos Craiyon sareng OpenAI) naék. Ngasupkeun clues nonsensical jeung narima seni klip konyol di mulang téh cara fun méakkeun hiji soré.

Nanging, nalika anjeun nyandak generator seni AI pikeun seuri, para penjahat siber ngagunakeun téknologi pikeun nipu jalma pikeun percanten kana warta palsu sensasional, profil bobogohan lele, sareng peniru anu ngancurkeun. Seni anu dibangkitkeun AI canggih tiasa sesah ditingali, tapi ieu mangrupikeun sababaraha tanda yén anjeun tiasa ningali gambar anu tiasa dipertanyakeun atanapi kalibet sareng penjahat di tukangeun profil anu dibangkitkeun AI.

Naon AI Art Generator sareng Deepfake?

Pikeun langkung ngartos cyberthreats anu ditimbulkeun ku masing-masing, ieu sababaraha definisi gancang:

Generator seni AI. Generatif AI biasana mangrupikeun jinis AI khusus di tukangeun generator seni. Jenis AI ieu dieusian ku milyaran conto seni. Nalika aya anu masihan ajakan, AI ngaléngkah ka perpustakaan anu lega sareng milih kombinasi karya seni anu dianggap paling pas. Seni AI mangrupikeun topik anu didebatkeun dina dunya seni sabab henteu aya karya anu diciptakeun sacara téknis asli. Éta ngagaduhan produk ahirna ti sababaraha seniman, anu seuseueurna henteu masihan idin program komputer pikeun ngagunakeun kreasina.
deepfakes. Deepfakes mangrupikeun manipulasi poto sareng pidéo jalma nyata. Manipulasi anu dihasilkeun nyieun hiji jalma sagemblengna anyar ti kompilasi jalma nyata, atawa subjek aslina ieu dimanipulasi kasampak kawas aranjeunna ngalakonan hal aranjeunna pernah ngalakukeun.

Seni AI sareng deepfakes sanés téknologi anu aya dina wéb poék. Saha waé tiasa ngaunduh seni AI atanapi aplikasi deepfake, sapertos FaceStealer sareng Fleeceware. Kusabab téknologi henteu haram sareng seueur kagunaan anu teu bahaya, sesah diatur.

Kumaha Jalma Nganggo Seni AI sacara jahat?

Éta polos pisan ngagunakeun seni AI pikeun nyiptakeun poto panutup pikeun propil média sosial anjeun atanapi dipasangkeun sareng tulisan blog. Nanging, langkung saé janten transparan sareng pamiarsa anjeun sareng kalebet bantahan atanapi déskripsi anu nyatakeun éta sanés karya seni asli. Seni AI janten jahat nalika jalma ngagunakeun gambar pikeun ngahaja nipu batur sareng kauntungan finansial tina tipu daya.

Lele tiasa nganggo gambar profil palsu sareng pidéo pikeun ngayakinkeun targetna yén aranjeunna leres-leres milarian cinta. Nyingkabkeun raray sareng jati dirina anu leres tiasa nempatkeun lele kriminal dina résiko kapendak, janten aranjeunna ngagunakeun gambar jalma sanés atanapi ngamalkeun sadayana perpustakaan gambar.

Panyebar warta palsu ogé tiasa kéngingkeun seni AI atanapi deepfakes pikeun nambihan “kredibilitas” kana téori konspirasina. Nalika aranjeunna masangkeun headline sensasional sareng poto anu, dina pandangan kahiji, ngabuktikeun legitimasina, jalma-jalma tiasa langkung condong ngabagi sareng nyebarkeun carita. Warta palsu ngarusak masarakat kusabab émosi négatip anu ekstrim anu tiasa dibangkitkeun dina balaréa. Nyababkeun histeria atanapi amarah tiasa nyababkeun kekerasan dina sababaraha kasus.

Tungtungna, sababaraha penjahat tiasa nganggo deepfakes pikeun ngabohongan KTP raray sareng kéngingkeun aksés kana akun online anu sénsitip. Pikeun nyegah batur asup kana akun anjeun, jaga akun anjeun nganggo auténtikasi multi-faktor. Ieu ngandung harti yén leuwih ti hiji métode idéntifikasi diperlukeun pikeun muka hiji akun. Métode ieu tiasa dina bentuk kode hiji waktos anu dikirim ka telepon sélulér, kecap akses, jawaban kana patarosan kaamanan, atanapi ID sidik salian pikeun ID wajah.

3 Cara pikeun Ningali Gambar Palsu

Sateuacan anjeun ngamimitian hubungan online atanapi bagikeun warta nyata dina média sosial, panalungtikan gambar nganggo tilu tip ieu pikeun milih karya seni jahat sareng deepfakes anu dibangkitkeun AI.

1. Pariksa konteks sabudeureun gambar.

Gambar palsu biasana henteu muncul ku nyalira. Seringna aya téks atanapi artikel anu langkung ageung di sakurilingna. Pariksa téks pikeun typo, grammar goréng, jeung sakabéh komposisi goréng. Phisher kasohor ku kaahlian nyeratna anu goréng. Téks anu dihasilkeun ku AI langkung hese dideteksi sabab tata basa sareng éjahan sering leres; Sanajan kitu, kalimah-kalimahna bisa katémbong ngarérét.

2. Evaluasi klaim.

Naha gambarna katingali anéh teuing janten nyata? Saé teuing janten leres? Kembangkeun aturan jempol generasi ieu “Ulah percanten kana sagala anu anjeun baca dina internét” kalebet “Tong percanten kana sagala anu anjeun tingali dina internét.” Lamun warta palsu ngaku jadi warta nyata, néangan headline di tempat séjén. Upami éta leres-leres penting, sahenteuna hiji situs sanésna bakal ngalaporkeun acara éta.

3. Pariksa distorsi.

Téknologi AI sering nyababkeun hiji atanapi dua seueur teuing ramo dina panangan, sareng deepfakes nyiptakeun panon anu sigana teu aya jiwa atanapi maot. Ogé, meureun aya kalangkang di tempat anu teu wajar, sareng warna kulit sigana henteu rata. Dina pidéo deepfake, sora sareng ekspresi wajah tiasa salah, ngajantenkeun subjek katingalina robotic sareng stilted.

Ningkatkeun Kaamanan Online Anjeun Sareng McAfee

Gambar palsu hese ditingali, sareng sigana bakal langkung realistis nalika téknologi ningkat. Kasadaran ngeunaan ancaman AI anu muncul langkung saé nyiapkeun anjeun pikeun ngontrol kahirupan online anjeun. Aya kuis online anu ngabandingkeun deepfake sareng seni AI ka manusa nyata sareng seni buatan manusa. Lamun anjeun boga sapuluh menit bébas, mertimbangkeun nyokot kuis jeung recognizing kasalahan anjeun pikeun ngaidentipikasi seni tiruan bahaya di mangsa nu bakal datang.

Pikeun masihan anjeun langkung kapercayaan kana kaamanan kahirupan online anjeun, pasangan sareng McAfee. McAfee + Ultimate mangrupikeun privasi alat, identitas, sareng kaamanan sadaya-dina-hiji. Jaga nepi ka genep anggota kulawarga anjeun nganggo rencana kulawarga, sareng kéngingkeun panyalindungan maling identitas dugi ka $2 juta. Mitra sareng McAfee pikeun ngeureunkeun ancaman naon waé anu nyerang anjeun.

Nepangkeun McAfee + Ultimate

Maling identitas sareng panyalindungan privasi pikeun kahirupan digital anjeun

#dina #Leungeun #Cybercriminals #Kumaha #Ngenalkeun #Seni #Palsu #sareng #Deepfakes