Published: December 18, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
You know the autofill feature that is in browsers these days, that is so convenient and prevents you having to fill in tedious details such as your name, address, and payment card details ad nauseum? That time-saving trick can also relieve you of more of your personally identifying information (PII) and confidential details than you may bargain for; all because you get frustrated filling in those forms with every purchase or registration. This undesirable feature can be activated in Chrome, Safari, and Opera, as well as any browser that allows you to save these form details.
What happens is when the data is requested on a form, a little hacker-created addition can also enter data into other text boxes, even if they don’t appear on the screen. For example, perhaps you’re adding your email address to a page to sign up for an online newsletter. If there is a box lurking in the background, it can also grab other details that are saved in the autofill settings of the browser like your address. Some plugins, such as the one for the password manager, LastPass can also be used this way with their profile-based autofill functions. In that case, it may not be bad, but for many other cases it most certainly can be.
The best way to avoid this is to disable the autofill feature, no matter how tedious filling that information in the boxes gets. Yes, we know. It’s VERY tedious. However, should you choose to use it, just don’t add any payment card, bank account, or other sensitive data into your settings. So, when Chrome asks if you want to save the payment card details in the browser, just click “no.” You can edit and delete the information stored in the autofill settings in your browser settings menus.
In addition, always make sure the anti-phishing features are active in your browsers and that you have anti-malware and anti-virus installed and kept up-to-date on your computers and devices.
Any browser that has the autofill functionality is vulnerable to this little trick. So, if a browser window is affected by this malware, you could fall victim. However, it also still relies on tricking users into entering the data in the fake form, so you can outsmart it. If something flashes quickly on the screen you don’t remember seeing before, second guess it and maybe close that window and try again in another browser. If you have the same issue, check your computer for malware. But the best advice is not to store PII or confidential information to start.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org