Autofill Is No Longer Your Friend
Autofill is the feature that saves you some keystrokes when you shop online. When you’re in the checkout area, your name, company name, title, address, phone number, and maybe even your corporate or personal credit card number, are pre-filled for your convenience.
Do you know who also finds this awfully convenient? Sneaky hackers! Here’s what they do:
They send you a spam email message. This message is supposed to look like spam, so you will be motivated to click “unsubscribe.” The unsubscribe link takes you to a page that asks you to confirm your name and email address. On this page, you see two boxes, but the page actually contains many invisible boxes, which your browser helpfully pre-fills with the rest of your information. Helpful to the hackers, that is.
If you’re using Mozilla’s Firefox or Microsoft’s Edge, the hackers probably won’t see much, because those browsers don’t pre-fill all of the fields at once. But if you’re using Google’s Chrome or Apple’s Safari, the hackers can easily see important identity information, and possibly even your credit card number.
Finnish security expert Viljami Kuosmanen created the animation below to illustrate how the autofill phishing scam works.
Kuosmanen has also created an autofill phishing test tool, hosted on Github. Click here to see what a hacker might discover about you, personally. It’s especially helpful to use this tool both before and after you’ve disabled auto-fill in your browser, and compare the results.
Disabling auto-fill in your browsers prevents this particular problem, but it doesn’t protect against the thousands of other new phishing, hacking, and malware threats your company and personal data will face this year. The only real way to keep your computer networks safe is by constant monitoring, proactive maintenance, continuous backup, and regular assessments. In other words, managed IT services.
Copyright 2017 02 21 CMIT Solutions of Gilbert and Mesa. Connect with us on LinkedIn: President Alex Martinez, and Vice President Caryn Martinez.
