Online protection and the Autofill tool
If you are like most people, you do an awful lot of online shopping compared to even a couple of years ago. Moreover, one little seemingly innocuous tool has probably made life easier for you to buy plane tickets or get seats at the big game (do we have any of those in Vancouver anymore?). That tool? The understated autofill form tool in Chrome and Safari (and Opera for Apple mobile devices). Very handy for sure. Nevertheless, you should know that your convenience comes at a price: it is just another item in the long (and growing) list of hack targets.
What’s the rub?
Form data and the corresponding fields can carry some very private information. Things like your name and address, phone numbers, credit card numbers (including the CVV) and social insurance numbers are at risk each time you use the autofill tool in the name of timesaving.
The hack is performed by simply tricking you into believing all you need do is enter your name and email address to gain access to <insert free/no-cost object of desire here>. Meanwhile, the perpetrators have hidden the other auto filled fields from your view but just because you don’t see them doesn’t mean they aren’t dutifully being filled in by Chrome or Safari. Therefore, you think you are registering for a webinar with your name and email but in reality, you are also filling in extra fields with your credit card number and CVV all by virtue of what would otherwise be a simple yet powerful tool.
It’s not that this is anything new – it isn’t. Actually, it is very surprising we haven’t heard of more occurrences of this sinister little trick. Maybe people are getting ripped off but just don’t know how. The scary thing is it is not limited to autofill forms. It is also a vulnerability for autofill passwords. Got your attention now?
Detection and prevention
While no one seems to have figured out how to detect it – or maybe no one cares enough to try – preventing it is easy enough. Don’t use autofill forms and don’t use autofill passwords. It is very easy to disable in Chrome and Safari. Or use Internet Explorer or better yet, Firefox. Neither of those browsers have managed to integrate autofill forms yet, which is probably a blessing in disguise.
While not the most sophisticated attack vector out there, this particular form of online data and identity theft considers two very important human characteristics: laziness and complacency. I’m too lazy to fill in the same repetitive information website after website, purchase after purchase – too painful. And we get complacent “Hey, I’ve never had a problem with this in the past, so no big deal.” Until it is. Like multiple passwords for multiple websites, some things are not worth risking.
Take a big step in ensuring you aren’t targeted by cyber-swindlers. Call us today.