Account hacks are also a common threat since social media, emails, e-banking, and other online services can hold very valuable information for the attacker. Even though an account malfunction may seem like a malware infection, it can turn out to be a hacked account. An account can be hacked through a combination of social engineering and technical skills, for example by crafting a fraudulent message which contains a demand to the user to update their login credentials for a specific service. The unsuspecting user is then redirected to a fraudulent website controlled by the attacker, which collects the user’s current login credentials for that account and locks them out. The attackers can bypass multi-factor authentication with SIM swapping (if SMS is used for multi-factor authentication) or by stealing session cookies from the user’s browser. Though the latter only gives temporary access to the account and no access to passwords, it is enough to access content. Malicious browser extensions are a common source of session hijacks.