PLDT and its wireless unit Smart Communications have urged Internet users to be wary of websites they visit, especially those that require login credentials. Typically, when visiting websites for the first time, users are asked for permission to set cookies on their device.
While most users will just click yes and proceed to the website, PLDT and Smart’s Cyber Security Operations Group (CSOG) cautioned against automatically accepting cookies as they might lead to “session hijacking”.
“Cybercriminals can steal cookies and access your browsing sessions through session hijacking. Data privacy laws require websites to notify their visitors if they are storing information about them. Users have the right to allow or refuse cookies during their visit,” said Angel Redoble, PLDT and Smart first vice president and chief information security officer.
But what are cookies? They are small text files that websites save on a device to help them remember a user’s visit so they can improve user experience and make browsing more personal on succeeding visits.
These data could include username, passwords, device settings and shopping items among others. Without cookies, users will be asked to enter their login credentials again or restore their shopping carts when they accidentally close a page.
The intruder’s goal in “hijacking” incidents is to gain full access to the victim’s account so he can get the same permissions and assume the victim’s identity to dig deeper into his network. The incident can lead to unauthorized bank transfers, unwarranted purchases or ransomware attacks.
Here are a few tips on how to prevent ‘session hijacking’:
- Enable Multi-Factor Authentication (MFA) to add another layer of security. This can also alert you of unauthorized transactions.
- Always check the website you are visiting. A secure website often starts with “HTTPS” for encrypted data traffic.
- Use only safe connections. Be wary of free or public Wi-Fi.
- Delete unwanted cookies.
- Always log out of a website or an application when you’re done.
- You can also choose to refuse or remove cookies.
