You’ve experienced it before. You visit a website, then a pop-up shows up asking for your permission to allow cookies. Being how annoying it is, you just click yes.
The problem is, that’s actually a bad practice. PLDT-Smart’s Cyber Security Operations Group (CSOG) has warned users against automatically accepting cookies as it may lead to “session hijacking”.
Cookies are small text files that websites keep on the user’s device. The file contains the user’s experience on the website, which the website can then use to make the next visit better and more tailored.
Such data includes device settings, usernames and passwords, shopping items, and more.
- How to report intentional disconnection and cable theft to PLDT
- How to use your old smartphone, laptop as security camera
So what is this session hacking that they are talking about? PLDT head of information security Angel Redoble explained that this would allow cybercriminals to steal cookies and access browsing sessions.
This form of hijacking could help criminals gain access to the user’s account, allowing them to assume the user’s identity. As a result, it could lead to unauthorized purchases, bank transfers, and even ransomware.
PLDT-Smart has offered these tips on how to be safe from session hacking using cookies:
- Enable Multi-Factor Authentication (MFA). This will also alert you if someone is trying to access or make transactions using your account.
- Always check if the website you’re visiting has “HTTPS” or padlock in the URL. If yes, this means that it is safe with encrypted data traffic.
- Don’t use free or public WiFi networks if possible.
- Remove unwanted cookies on your device or browser settings.
- After using an app or website, log out your account.
- If asked, always refuse or remove cookies.