When you are using autofill systems, did you know that you may be giving personal information directly to hackers? See what these cyber-thieves get on their end of a phishing site.
The autofill systems in browsers like Google Chrome, Safari, and Opera, as well as plugins like LastPass, can be easily tricked into giving away your information on web pages. Here’s how you can keep your personal information secure.
Viljami Kuosmanen, a Finnish web developer and hacker, recently discovered the exploit and shared an example of it in action on GitHub. Basically, a phishing site will have text boxes where you enter some very basic information, like an email address or first name. But when you use your browser’s autofill system to fill out those boxes, the site uses hidden text boxes to collect additional autofill information you don’t realize you’re giving away. That information could be your home address, phone number, and even your credit card info.
If you want to stay safe, you should always avoid sharing personal information and using utilities like LastPass on web sites you’re not completely sure of. Or you can turn off autofill completely in your browser of choice:
- In Chrome, click the three-dot “More” button in the top right > Settings > Show advanced settings > then uncheck “Enable Autofill to fill out web forms in a single click” under “Passwords and forms.”
- In Safari, go to Preferences > AutoFill > deselect all types of information you want Safari to automatically fill in.
- In Opera, click the Opera button, go to Settings > Privacy & security > scroll down to “Autofill” > uncheck “enable auto-filling of forms on webpages.”
Allan, Patrick. (2017, January 11). Your Browser’s Auto Fill Data Can Be Phished, Here’s How to Stay Safe. Life Hacker.