Your Browser’s Autofill Data Can Be Phished, Here’s How To Stay Safe

The autofill systems in browsers like Google Chrome, Safari and Opera, as well as plugins like LastPass, can be easily tricked into giving away your information on web pages. Here’s how you can keep your personal information secure.

Viljami Kuosmanen, a Finnish web developer and hacker, recently discovered the exploit and shared an example of it in action on GitHub. Basically, a phishing site will have text boxes where you enter some very basic information, like an email address or first name. But when you use your browser’s autofill system to fill out those boxes, the site uses hidden text boxes to collect additional autofill information you don’t realise you’re giving away. That information could be your home address, phone number and even your credit card info.

Here’s the phishing exploit in action via Viljami Kuosmanen.
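
A defensive check for the hidden-field trick described above, as an added example that is not part of the original article or Kuosmanen's demo: it lists form fields a browser could autofill but the user cannot see. The field names, the hint list and the sample form are constructed assumptions.

```javascript
// Added example (not from the original article). Field descriptors are plain
// objects so the check runs in Node; in a page they would be filled from
// getComputedStyle(el) and el.getBoundingClientRect() in document coordinates.

// Assumed list of name/autocomplete hints that map to stored profile data.
const AUTOFILL_HINT = /name|mail|tel|phone|address|street|postal|zip|city|country|organization|cc-|card/i;

// Why the user cannot see this field, or null if it is visible.
function hiddenReason(f) {
  if (f.display === "none") return "display:none";
  if (f.visibility !== "visible") return "visibility:" + f.visibility;
  if (Number(f.opacity) === 0) return "opacity:0";
  if (f.rect.w <= 1 || f.rect.h <= 1) return "zero-size";
  // Negative page coordinates cannot be reached by scrolling.
  if (f.rect.x + f.rect.w <= 0 || f.rect.y + f.rect.h <= 0) return "off-screen";
  return null;
}

// Flag every autofill-eligible field that is hidden from the user.
function auditForm(fields) {
  const hidden = [];
  let visible = 0;
  for (const f of fields) {
    const reason = hiddenReason(f);
    if (reason === null) { visible += 1; continue; }
    if (AUTOFILL_HINT.test(`${f.autocomplete || ""} ${f.name || ""}`)) {
      hidden.push({ field: f.name, reason });
    }
  }
  return { visible, hidden };
}

// Constructed sample: two fields the user sees, three they do not.
const shown = { display: "block", visibility: "visible", opacity: 1 };
const sampleForm = [
  { name: "name", autocomplete: "name", ...shown, rect: { x: 40, y: 120, w: 240, h: 28 } },
  { name: "email", autocomplete: "email", ...shown, rect: { x: 40, y: 160, w: 240, h: 28 } },
  { name: "phone", autocomplete: "tel", ...shown, rect: { x: -460, y: 200, w: 240, h: 28 } },
  { name: "address", autocomplete: "street-address", ...shown, opacity: 0, rect: { x: 40, y: 240, w: 240, h: 28 } },
  { name: "cc-number", autocomplete: "cc-number", ...shown, rect: { x: 40, y: 280, w: 0, h: 0 } },
];

console.log(auditForm(sampleForm));
```

A form that shows two fields but carries more autofill-eligible fields than that is the pattern to look for before letting the browser fill it.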

If you want to stay safe, avoid entering personal information, or using autofill utilities like LastPass, on websites you’re not completely sure of. Alternatively, you can turn off autofill completely in your browser of choice:

  • In Chrome, click the three-dot “More” button in the top right > Settings > Show advanced settings > then uncheck “Enable Autofill to fill out web forms in a single click” under “Passwords and forms”.
  • In Safari, go to Preferences > AutoFill > deselect all types of information you want Safari to automatically fill in.
  • In Opera, click the Opera button, go to Settings > Privacy & security > scroll down to “Autofill” > uncheck “enable auto-filling of forms on webpages”.

Mozilla Firefox is currently immune to this phishing exploit because it doesn’t have a multi-box autofill system yet. You can learn more about the exploit at the link below.

Browser Autofill Phishing [GitHub via The Guardian]