How Cookies Are Being Used to Track and Attack You

When most people talk about cookies, the conversation is usually about sweet baked goods. But when IT professionals talk about cookies, we are discussing the Internet. In this context, the term cookies refers to small data files that contain strings of text. When you connect to a website, its web server sends a cookie to your web browser. The browser will send the cookie back to the server whenever you visit that website again.


Cookies are used throughout the Internet because they let websites communicate with their visitors in a more personal way. For example, suppose you buy shoes from an online retailer. The retailer’s web server will assign an identification (ID) number to you. Besides storing this ID number in a database, the web server will send it to you in a cookie.

The next time you visit the online retailer’s website, your web browser will send this cookie back to the retailer’s web server. The web server will then personalize the page that it displays for you. In this case, it might showcase shoes that are similar to the pair you bought last time. This personalization means that online advertisers do not have to run the same ads over and over again. It also means you can save your preferences when visiting a particular website.
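The exchange described above, as an added example that is not part of the original article: a server assigns an ID, sends it in a cookie, and treats the returned cookie purely as a lookup key. The cookie name `visitor_id`, the in-memory `CUSTOMERS` table and the `Secure`, `HttpOnly` and `SameSite` attributes are assumptions chosen for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Constructed stand-in for the retailer's database: visitor ID -> last purchase.
CUSTOMERS = {}

def first_visit(purchase):
    """Server side: assign an ID, store it, and build the Set-Cookie header."""
    visitor_id = secrets.token_urlsafe(16)     # random, so IDs cannot be guessed
    CUSTOMERS[visitor_id] = purchase
    cookie = SimpleCookie()
    cookie["visitor_id"] = visitor_id
    cookie["visitor_id"]["path"] = "/"
    cookie["visitor_id"]["secure"] = True      # only sent over https connections
    cookie["visitor_id"]["httponly"] = True    # not readable by scripts in the page
    cookie["visitor_id"]["samesite"] = "Lax"   # withheld on most cross-site requests
    return cookie.output(header="Set-Cookie:")

def browser_store(set_cookie_line):
    """Browser side: keep the name=value pair and build the Cookie request header."""
    jar = SimpleCookie()
    jar.load(set_cookie_line.split(":", 1)[1].strip())
    return "; ".join(f"{name}={morsel.value}" for name, morsel in jar.items())

def return_visit(cookie_header):
    """Server side: look the ID up; unknown or missing IDs get the generic page."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get("visitor_id")
    purchase = CUSTOMERS.get(morsel.value) if morsel is not None else None
    if purchase is None:
        return "generic home page"
    return f"home page featuring items similar to: {purchase}"

if __name__ == "__main__":
    set_cookie = first_visit("running shoes")
    print(set_cookie)                          # what the server sends
    header = browser_store(set_cookie)
    print("Cookie:", header)                   # what the browser sends back
    print(return_visit(header))                # personalized page
    print(return_visit("visitor_id=forged"))   # unknown ID: no personalization
```

Because the ID is the only thing tying the browser to the stored record, anyone who holds a copy of the cookie value is treated as the same visitor.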

Web Tracking

While many organizations use cookies in a positive way, some companies are harnessing them for more shady purposes. In November 2014, The Washington Post reported on how telecommunication giants AT&T and Verizon were using so-called supercookies to track their customers’ web activity, even when they were using their browsers’ privacy mode. Unlike their normal counterparts, supercookies cannot be deleted. Consumers and privacy advocates condemned AT&T and Verizon for using supercookies. The companies were eventually pressured into allowing customers to opt out of their use.

Facebook also allegedly uses cookies for monitoring users’ browsing habits. The Belgian Privacy Commission published a report in February 2015 that claimed Facebook was tracking European users’ web activity, even when they chose not to sign up for the tracking option. According to the report, the social network was even tracking people who did not have accounts and users who had already logged off of the site. A Facebook spokesperson said that the report contained factual inaccuracies.

How Cybercriminals Use Cookies

Cookies themselves are harmless. However, cybercriminals can use them to impersonate you online and thereby gain access to your accounts. By hiding code in stolen cookies, cybercriminals can also spread malware and manipulate you into visiting malicious websites.

Cybercriminals can also use cookies to make websites look unavailable to web browsers. As mentioned previously, when you return to a given website, your web browser will send a cookie back to its web server. A cybercriminal can alter this cookie so that the web server receives hundreds of cookies instead of just one. When the amount of cookie data exceeds what is allowed in the connection setup, the server closes the connection. You will not be able to visit the website until you delete your cookies.

How to Protect Yourself

If you are uncomfortable with the idea of using cookies, you can turn off this setting in your web browser. If you do not mind cookies being used, it is still a good idea to delete your browser’s cookies every now and then. This makes it harder for companies to track your web activity.

There are other security measures you should take to keep yourself safe while browsing the Internet. You should be using up-to-date firewall, anti-virus, and anti-malware applications. These programs can block attacks that use cookies.

In addition, before you enter private information on a website, you should make sure the link is secure. To do so, look for a padlock icon somewhere in the browser window frame. When you click the padlock icon, you should see details about the site’s security, including information about cookies. You should also make sure the web address begins with “https”. Websites beginning with “https” use encryption to secure web connections. For more advice about using the Internet safely, contact us.