Typically, when you visit websites for the first time, they ask for permission to set cookies on your device. While most users will just click yes and proceed to the website, PLDT and Smart’s Cyber Security Operations Group (CSOG) cautions against automatically accepting cookies as they might lead to ‘session hijacking’.
“Cybercriminals can steal cookies and access your browsing sessions through session hijacking. Data Privacy laws require websites to notify their visitors if they are storing information about them. Users have the right to allow or refuse cookies during their visit,” shares Angel Redoble, PLDT and Smart First Vice President and Chief Information Security Officer.
But what are cookies? They are small text files that websites save on your device to help them remember your visit so they can improve user experience and make browsing more personal on succeeding visits. These data could include username, passwords, device settings and shopping items among others. Without cookies, users will be asked to enter their login credentials again or restore their shopping carts when they accidentally close a page.
The intruder’s goal in ‘hijacking’ incidents is to gain full access to the victim’s account so he can get the same permissions and assume the victim’s identity to dig deeper into his network. The incident can lead to unauthorized bank transfers, unwarranted purchases or ransomware attacks.
Here are a few tips on how to prevent ‘session hijacking’:
- Enable Multi-Factor Authentication (MFA) to add another layer of security. This can also alert you of unauthorized transactions.
- Always check the website you are visiting. A secure website often starts with “HTTPS” for encrypted data traffic.
- Use only safe connections. Be wary of free or public Wi-Fi.
- Delete unwanted cookies.
- Always log out of a website or an application when you’re done.
- You can also choose to refuse or remove cookies.
Also Read: This is how long it takes hackers to crack your passwords
The efforts of PLDT and Smart to prevent cybercrimes are fundamental to the PLDT Group’s much broader program to elevate the quality of customer experience by protecting them from threats and attacks.
