Privacy Perils: Beware Browser Autofill

January 13, 2017
Firm Publication

The ingenuity of determined fraudsters should never be underestimated. Gizmodo, a technology website, reports on a simple scheme where hackers capture your sensitive information merely by hijacking the autofill features found in the Chrome and Safari browsers (as opposed to information saved in actual websites like the iTunes store, PayPal or Google Play). As you may have noticed, by default the Chrome browser will autofill certain text boxes when you access even legitimate websites that ask for information. The trick to the current scheme is that the bad guy can create a website to mimic a legitimate one, and then hide certain of the text boxes. Merely filling out the (fake) form on that site (accessed through the Chrome browser) with your name could auto-populate unseen text boxes with whatever sensitive information was previously stored by Chrome. A seven second video in 1/10/17 Gizmodo article demonstrates how easy this trick is accomplished.

What to do? As Gizmodo recommends, disable the autofill feature of a browser (or at least that of Chrome and Safari). Thirty seconds of inconvenience far outweighs months of headaches and heartaches.

Privacy Perils imageCheck out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.