Scammers exploit EU cookie law

News by Max Metzger

European cookie law might sound delicious, but it's being hijacked by cyber-criminals

The EU's stringent data laws have been deployed against users in a nefarious clickjacking scam.

The scam relies on the user's expectation of a particular form present on all websites that operate out of, or work inside, the EU. Under the 2012 ePrivacy directive, websites must ask users for permission to use cookies during their visit to the site. Those visitors are also given a chance to approve or reject the use of cookies.

Cookies gather 'crumbs' of data downloaded to a user's computer when browsing the internet. Those small crumbs might be there to remember what's in your shopping basket on eBay or your search preferences, and tracking cookies help build a long-term picture of a user's browsing habits.

But attackers are now placing transparent iframes into those accept/reject cookie forms. David Emm, principal security researcher at Kaspersky, told SC: “Clickjacking involves invisibly placing a clickable link over a legitimate button or link on a web page: when the visitor clicks what they think is a legitimate item, they're really clicking the malicious link.” Those iframes are sometimes placed over the entire page, sometimes just parts of a page. The result, said Emm, “might be the installation of a banking Trojan that subsequently collects confidential data that can be used for ID theft in this case to steal the victim's money.”
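As an added illustration that is not part of the article or either researcher's work, the following constructed Python script shows how the transparent-overlay pattern Emm describes can be spotted in page markup: it parses a made-up cookie-banner snippet with the standard library and flags iframes that are absolutely or fixed positioned yet nearly transparent, the combination that lets a frame sit over the real buttons and intercept clicks meant for them. The sample markup, hostnames and function names are assumptions.

```python
from html.parser import HTMLParser


def parse_style(style: str) -> dict:
    """Turn 'opacity: 0; z-index: 999' into {'opacity': '0', 'z-index': '999'}."""
    out = {}
    for decl in style.split(";"):
        if ":" in decl:
            key, value = decl.split(":", 1)
            out[key.strip().lower()] = value.strip().lower()
    return out


def is_invisible_overlay(style: dict) -> bool:
    """True when a frame is (nearly) transparent but still positioned over the page.
    Such a frame is not visible yet still receives the user's clicks."""
    try:
        transparent = float(style.get("opacity", "1")) < 0.1
    except ValueError:
        transparent = False
    layered = style.get("position") in ("absolute", "fixed")
    return transparent and layered


class IframeScanner(HTMLParser):
    """Collects (src, style) for every <iframe> that looks like a click-intercepting overlay."""

    def __init__(self):
        super().__init__()
        self.suspicious = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = dict(attrs)
        style = parse_style(attr.get("style") or "")
        if is_invisible_overlay(style):
            self.suspicious.append((attr.get("src") or "", style))


def scan(html: str) -> list:
    scanner = IframeScanner()
    scanner.feed(html)
    return scanner.suspicious


# Constructed sample: a cookie banner whose buttons are covered by a transparent frame,
# followed by an ordinary visible embed that must not be flagged.
SAMPLE = """
<div id="cookie-banner">
  <p>This site uses cookies.</p>
  <button>Accept</button> <button>Reject</button>
  <iframe src="https://attacker.example/landing" style="position:absolute; top:0; left:0; width:100%; height:100%; opacity:0; z-index:9999"></iframe>
</div>
<iframe src="https://video.example/embed" style="width:640px; height:360px"></iframe>
"""

if __name__ == "__main__":
    for src, style in scan(SAMPLE):
        print("suspicious frame:", src, style)
```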

Jérôme Segura, senior security researcher at Malwarebytes, told SC: “Clickjacking can be extremely lucrative depending on how it is used and in which context it is taking place.” Pay-per-click (PPC) advertising, for example, “is one of the easiest ways to monetise clickjacking and can yield good profits if the crooks can get a lot of traffic to the sites they control.”

Emm told SC that one way you might defend against such attacks, or at least reduce the risk of them, “is to disable scripting in your browser – either entirely, or so that you are required to enable it on a case-by-case basis.”

Segura also had some advice for the wary internet user: “As an end user you should be aware of what you click on. Take time to look at any warning messages before clicking through. One way to see if it is legitimate or not is to place your mouse over each button and other parts of the window in question. If the hyperlink is the same regardless of where the mouse cursor is, it's quite likely this is a trap and you're better off closing the entire page.”
