Cookies are used pretty commonly. They're small files websites put on your computer that allow you to stay logged in to Facebook, get targeted ads, or see your recent searches.
"While cookie scraping is a real thing, you probably had to ignore a lot of safety good practices to get to the point where somebody can do that," said Derek Ellington, a Certified Fraud Examiner and Licensed Private Investigator with Ellington Digital Forensics.
[Ads /]
How are cookies used?
Ellington said cookies don't have anything like your name in them that can personally identify you, but they do save your preferences and locations. He said some websites can read the cookies left by other websites that they have agreements with.
"If you do a search for a product on Google that product may show up in your Facebook feed. That's all done through cookies and cookies is kind of a normal part of traveling through the internet," Ellington said.
Ellington said cookies have been used for the last 15-20 years but people are starting to notice them more now because of an increase in notifications or warnings that a website uses them.
"With some of the new privacy policies that websites are instituting they're sort of required no or as a good best practice to let you know," he said. "So the cookies are doing the same things they've always done, they're just kind of letting you know and getting your permission more."
What exactly is cookie scraping?
[Ads /]
Cookie scraping is described as someone getting ahold of the information from the cookies on your computer.
"I'm going to take them, and I'm going to copy them to my computer, and I'm going to hope that the website that you go to will basically think that I'm you instead of me," said Ellington.
If someone is able to successfully scrape your cookies, they could log in to your accounts with your saved passwords. It can be done, but Ellington said it's not easy. Most browsers store cookies in an encrypted, secure way, so someone would have to have access to your computer, logged in and unlocked.
How do you protect yourself?
Since you need to have access to someone's computer in order to scrape their cookies, Ellington's advice is to make sure strangers can't do that.
[Ads /]
He advises to have a password on your computer and always log out of all your accounts completely after using a shared device. Also, avoid clicking on links or attachments from your email if you don't know where they come from.
Finally, never allow anyone remote access to your computer if you don't know and trust them. Ellington said to be extra skeptical when someone calls.
"Companies like Microsoft or your internet provider will never call you and say there's a problem and that you need to let them fix it. Only scammers do that," Ellington said.
Ellington said if you are still worried, you can always go on incognito mode, which prevents websites from putting cookies on your computer or clear your browser history. But he said the other tips are enough to protect you, and avoiding cookies altogether can diminish your online experience.
"You don't need cookies to surf the internet, but it makes it more convenient to go back to sites you normally go to," he said.