: Attackers can impersonate the victim and log into their accounts (e.g., webmail, banking, or social media) without needing a password.
: Some scripts, like those used by the "Earth Wendigo" group, can append themselves to the victim's email signature to spread to other contacts. Prevention and Mitigation cookie stealer script
: The script accesses the document.cookie object, which often contains session identifiers, login keys, and personalization data. : Attackers can impersonate the victim and log