Scammers exploit EU cookie law

The EU's famously stringent data laws have been used against users in a nefarious clickjacking scam.

The scam, works upon the user's expectation of a certain form present on all websites that operate out of, or work inside the EU. Under the 2012 Eprivacy directive websites must ask users for permission to use cookies during the visitors' use of the site. Those visitors are also given a chance to approve or reject the use of cookies

Far from the delicious round baked good that the term cookie might instantly conjure, cookie in this regard refers to small crumbs  of data downloaded to a users' computer when browsing the internet. Those small crumbs might be there to remember what's in your shopping basket when on ebay or your search preferences. What has particularly concerned privacy conscious europeans are tracking cookies which help to build a long term picture of a user's browsing habits.

But these smarmy rascals have found a way to prey upon the good intentions of eurocrats by placing transparent iframes into those accept/reject cookie forms. David Emm, principal security researcher at Kaspersky, the cyber-security giant of the East explained more to SC Magazine “Clickjacking involves invisibly placing a clickable link over a legitimate button or link on a web page: when the visitor clicks what they think is a legitimate item, they're really clicking the malicious link.”  Those Iframes are sometimes placed over the entire page, sometimes just parts of a page. The result, said Emm, “might be the installation of a banking Trojan that subsequently collects confidential data that can be used for ID theft in this case to steal the victim's money.”  

Now, why get people to do something as pointless as clicking accept or reject on the cookie permission form?  Jérôme Segura, senior security researcher at Malwarebytes had an answer for SC: “Clickjacking can be extremely lucrative depending on how it is used and in which context it is taking place.” PPC for example “is one of the easiest ways to monetize clickjacking and can yield good profits if the crooks can get a lot of traffic to the sites they control.”

Emm told SC that one way you might defend against such attack or at least reduce the risk of them  “is to disable scripting in your browser – either entirely, or so that you are required to enable it on a case-by-case basis.”

Segura also had some advice for the wary internet user: “As an end user you should be aware of what you click on. Take time to look at any warning messages before clicking through. One way to see if it is legitimate or not is to place your mouse over each button and other parts of the window in question. If the hyperlink is the same regardless of where the mouse cursor is, it's quite likely this is a trap and you're better off closing the entire page.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.