Filling out web forms is tedious, and browsers offer an autofill option for our convenience. The feature looks very helpful, but many of us are not aware that hackers can easily steal our private information through it: a form can contain hidden text boxes, and autofill populates those text boxes with data we never meant to provide.
Viljami Kuosmanen, a web designer and white hat programmer, found that a few web browsers, including Google’s Chrome, Apple’s Safari and Opera, along with some password managers, plugins, and utilities, including LastPass, can be tricked into giving away a user’s data.
The attack is straightforward. When we fill in the text boxes of a form, the browser offers to autofill them, and we accept to save time and energy. The autofill feature also fills in text boxes that are not visible on the page. In a demo, Kuosmanen showed that a simple online web form with only two visible fields, Name and Email, could be designed to contain invisible fields, which are then auto-filled, sending your address, telephone number, city, and country to the hacker.
Kuosmanen said he could make the attack worse by adding more sensitive fields, such as credit card number and CVV code, without making them visible to the user. Chrome always shows a warning when you use the autofill feature on financial data forms on sites that do not offer HTTPS.
This means that a hacker or phisher could design a web form and have you unknowingly send all the data that is stored in your browser. Chrome’s autofill system, for instance, stores telephone numbers, email addresses, postal addresses, date of birth, credit card data, and other comparable information.
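A defender can look for this pattern in a page's markup. The following is an added example, not code from Kuosmanen's demo or from the original article: it flags form fields that carry autofill-relevant names but are styled out of view. The keyword lists, the inline-style heuristics and the sample form are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic lists (assumptions of this example, not exhaustive).
SENSITIVE = re.compile(r"tel|phone|address|street|city|country|postal|zip|cc-|card|cvv|cvc|bday|birth", re.I)
CONCEALED = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(\.0+)?\s*(;|$)"
    r"|(left|top|text-indent)\s*:\s*-\d{3,}|(width|height)\s*:\s*0(px)?\s*(;|$)", re.I)
VOID = {"input", "br", "hr", "img", "meta", "link"}

class FormAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        # stack: (tag, concealed) per open element; findings: flagged field names
        self.stack, self.findings = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        concealed = ("hidden" in a or bool(CONCEALED.search(a.get("style") or ""))
                     or any(c for _, c in self.stack))  # inherited from a parent
        if tag in ("input", "select", "textarea"):
            hint = " ".join(filter(None, (a.get("autocomplete"), a.get("name"), a.get("id"))))
            # type=hidden is an ordinary form mechanism; target text-like fields styled out of view.
            if (a.get("type") or "text").lower() != "hidden" and concealed and SENSITIVE.search(hint):
                self.findings.append(a.get("name") or a.get("id") or "?")
        if tag not in VOID:
            self.stack.append((tag, concealed))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def audit_form(html):
    """Return the names of sensitive form fields the user cannot see."""
    auditor = FormAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample: two visible fields plus concealed ones.
SAMPLE = """<form action="/subscribe" method="post">
  <input name="name" autocomplete="name">
  <input name="email" autocomplete="email">
  <div style="position:absolute; left:-5000px">
    <input name="phone" autocomplete="tel">
    <input name="address" autocomplete="street-address">
  </div>
  <input name="city" autocomplete="address-level2" style="display:none">
  <input type="hidden" name="csrf" value="constructed">
</form>"""
```

The check reads inline styles only; fields concealed through an external stylesheet or script need a rendered-page check instead.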
While Safari and Chrome are both affected by this phishing attack, Mozilla’s Firefox is not vulnerable to this technique. Firefox doesn’t offer a multi-box autofill system, which means it can’t be tricked into sending data through concealed fields. However, Firefox is also currently developing a more complete autofill system.
How to protect yourself from this autofill phishing attack:
- Safari: Click on Safari on the top left > Preferences > Autofill > uncheck all or some boxes.
- Chrome: Click on the three vertical dots to get to Settings > click on Show advanced settings at the bottom to reveal more options. Under Passwords and forms, uncheck the Auto-fill box or go to manage for more controls.
- Opera: go to Settings > uncheck Autofill.