PLDT, Smart offer tips on preventing ‘session hijacking’

PLDT and its wireless unit Smart Communications Inc. (Smart) continue to urge customers to be wary of websites they visit, especially those that require login credentials.

Typically, when you visit websites for the first time, they ask for permission to set cookies on your device. While most users will just click yes and proceed to the website, PLDT and Smart’s Cyber Security Operations Group (CSOG) cautions against automatically accepting cookies as they might lead to “session hijacking.”

“Cybercriminals can steal cookies and access your browsing sessions through session hijacking. Data Privacy laws require websites to notify their visitors if they are storing information about them. Users have the right to allow or refuse cookies during their visit,” PLDT and Smart said in a media advisory.

Cookies are small text files that websites save on users’ devices to help them remember the visit so they can improve user experience and make browsing more personal on succeeding visits. These data may include usernames, passwords, device settings, and shopping items among others. Without cookies, users will be asked to enter their login credentials again or restore their shopping carts when they accidentally close a page.

The intruder’s goal in “hijacking” incidents is to gain full access to the victims’ accounts, obtaining the same permissions and assuming the victims’ identity to dig deeper into the network. The incident can lead to unauthorized bank transfers, unwarranted purchases, or ransomware attacks.

Here are a few tips on how to prevent session hijacking.

  • Enable Multi-Factor Authentication (MFA) to add another layer of security. This can also alert you to unauthorized transactions.
  • Always check the website you are visiting. A secure website’s address often starts with “HTTPS,” which indicates encrypted data traffic.
  • Use only safe connections. Be wary of free or public Wi-Fi.
  • Delete unwanted cookies.
  • Always log out of a website or an application when you’re done.
  • You can also choose to refuse or remove cookies.