How to defend from phishing: disable autofill

Modern-day browsers autofill feature is a truly useful option: it allows us to fill out forms without writing down all information needed.

Autofill in Opera, Google Chrome, and Safari is actually pretty flawed: it can be tricked to provide all personal information on sites we visit. This process has been uncovered by Viljiami Kuosmanen, a developer who published a paper about this issue; in a GIF he exemplified this kind of phishing through browsers’ autofill feature.

“autofill

In his example, we can see a typical phishing site, with text forms for basic information like email and name. But if you use autofill, a malicious site could use hidden text boxes to get further information, without the user ever knowing it. Such sites could get your telephone number, your home address, or in the worst case scenario, your credit card number. There’s a way to protect your privacy: never fill out forms on ambiguous sites, use Mozilla Firefox that has no such problem, or disable autofill on your browser, or on the browser you use just to sign up to services.

Disable Autofill in Chrome

On Google Chrome you have to click on the three-dot button next to the address bar, choose Settings > Show Advanced Settings > scroll down to Password & Forms, deflag “Enable Autofill to fill out web forms in a single click”.

Disable Autofill in Safari

For those who use Safari, go to Settings > AutoFill > deflag all info you don’t want to fill in by default.

Disable Autofill in Opera

If you’re using Opera, go to Settings > Privacy & Security > find Autofill > deflag “Enable Auto-Filling Forms on Webpages”.

Posted in:

Leave a Reply

Your email address will not be published. Required fields are marked *