Phishing scam: Should you enable browser autofill?
Published 4 February 2017
We take you through whether browser autofill could compromise your information.
We all know the type of information a website asks for to complete an order or open an account. You may need to type in your full name, address, telephone number, as well as your card details if you're finishing a shopping order.
It can inconvenient to type out all this information each time you want to fill out a form, so you might enable your browser autofill to get around this. But are there downsides to this setting? We take you through why your browser might be giving away your information to fraudsters.
Leaking private information
A security researcher found that fraudsters can trick browsers into leaking a user's private information through their autofill systems. Several browsers including Google Chrome, Safari and Opera, as well as add-ons such as the LastPass password manager are vulnerable to this.
The researcher found that when a user inputs basic information into a site such as their name and email address, the autofill system will complete the form with the rest of their saved information, even when there are no boxes visible on the page.
This means that an autofill system could be giving away sensitive information that scammers could intercept. Fraudsters could use a phishing attack to get their hands on at least some of your information by asking you to complete an online form.
Each browser responds to this threat in different ways. Google Chrome's autofill system is active by default and can store details such as your email address, phone number and credit card details. Mozilla Firefox doesn't have a multi-box autofill system and cannot be tricked into filling text boxes – so it should be easier to avoid this problem with this browser.
Don't be a victim
You can protect yourself from this type of phishing attack by disabling the autofill system. It doesn't take long to disable autofill on Chrome, simply follow these instructions.
1. Open Chrome.
2. Click ⋮ and then Settings.
3. Scroll to the bottom and click Show advanced settings.
4. Under the heading "Passwords and forms", untick "Enable Autofill to fill out web forms in a single click".
And then you're done. Just keep in mind that you'll now have to input your personal information each time you fill out a form, shop online or sign up to account. You can find out how to change AutoFill settings for Safari here.
In general, you should stay away from unsolicited emails that you receive out of the blue and ask you to fill in a form. Even if the form just contains fields for your name or email address, fraudsters might be able to access your card details if you enable browser autofill on your device.
You can protect yourself against phishing scams by reading the email carefully and looking out for any poor spelling or grammar. You should be cautious of any emails that try to rush you into action. Most importantly, you should always trust your gut – if something doesn't seem right, just delete the email.
Fraudsters don't need a lot of information to try and get their hands on your cash – find out what a scammer can do with your address and phone number.