Actually, the autofill function in internet browsers is handy. It automatically completes an entry when the first letters of a word are typed. However, there are also some dangers lurking behind them.
It is practical that browsers can retain form data once they have been entered – such as address, e-mail or telephone number – and later automatically suggest and insert it in a suitable place. However, this function, also known as “autofill” or “automatic filling in”, is also a security gap in many browsers and extensions.
The trick with invisible form fields
Attackers have already exploited the Aufofill function in the past by luring users to prepared websites where they should enter comparatively uncritical information such as name or email address. However, the pages were peppered with invisible form fields that used the autofill function to ask for – and receive – sensitive information from telephone numbers to credit card numbers.
Users who use the Chrome browser to surf the Internet are usually not aware of the attack. According to experts, Safari at least communicates which information the browser releases for a form. And that even if they are not visible. According to “Heise Security”, Firefox’s immunity to the attack scam results from the fact that users of this browser first have to click on each form field individually before the activated autofill function releases information.
Also read: How to turn off annoying browser notifications
How to disable autofill feature
To be on the safe side, the autofill function should therefore be deactivated in the settings, advises the online specialist service “Heise Security”. Although this is somewhat impractical in individual situations, it is safer in the long run. Chrome, Chromium-based browsers such as Opera or Vivaldi and Safari are affected, but not Firefox.
Turn off autofill on Chrome
Chrome users simply open the “Settings” menu (top right via the three small dots) and click on “Advanced settings” at the bottom.
In the side tab, the function appears as “Autofill” or “Automatic filling”. It differentiates between completing address data, passwords and payment methods. All three methods can be managed and deactivated independently of one another by clicking on the respective category.
Turn off autofill in Safari
If you use Safari, go to the settings as well. This can be reached by clicking on “Safari” in the upper left browser window. There you then select the tab “Fill out automatically” and remove the check mark for the information that should not be filled out automatically.
What exactly does “autofill phishing” look like?
Finnish hacker and web developer Viljami Kuosmanen, who was one of the first to draw attention to the vulnerability, has for demonstration purposes programmed your own page. So if you want to understand the method yourself, you can do so there.
In what appear to be two fields, all you have to do is enter your name and e-mail using auto-completion. Via “Submit” you can then look in the source code at what additional information is drawn in the background.