Slyck Chatbox - And More

Browser Autofill Used To Steal Personal Details In New Phishing Attack

What's happening in the technology world related to software. Please submit stories for this forum here.
Forum rules

Browser Autofill Used To Steal Personal Details In New Phishing Attack

Postby sunnyd » Tue Jan 10, 2017 12:16 pm

Story :

Your browser or password manager’s autofill might be inadvertently giving away your information to unscrupulous phishers using hidden text boxes on sites.

Finnish web developer and hacker Viljami Kuosmanen discovered that several web browsers, including Google’s Chrome, Apple’s Safari and Opera, as well as some plugins and utilities such as LastPass, can be tricked into giving away a user’s personal information through their profile-based autofill systems.

The phising attack is brutally simple. Kuosmanen discovered that when a user attempts to fill in information in some simple text boxes, such as name and email address, the autofill system, which is intended to avoid tedious repetition of standard information such as your address, will input other profile-based information into any other text boxes – even when those boxes are not visible on the page.

It means that when a user inputs seemingly innocent, basic information into a site, the autofill system could be giving away much more sensitive information at the same time should the user confirm the autofill. Chrome’s autofill system, which is switched on by default, stores data on email addresses, phone numbers, mailing addresses, organisations, credit card information and various other bits and pieces.

Follow Slyck on Twitter @SlyckDotCom
Join Slyck's Facebook Fan Page
User avatar
Posts: 30027
Joined: Mon Jan 21, 2008 2:34 pm

Return to Tech/Software News

Who is online

Users browsing this forum: No registered users and 0 guests

© 2001-2008