1310 Nowell Road
Raleigh, NC 27607
Many employees rely on their web browser’s auto-fill feature to make day-to-day Internet tasks easier and more convenient. From Safari and Firefox to Google Chrome and Microsoft Edge, modern Internet browsers all seek to save users time by using previously entered information to automatically populate login boxes and form fields. However, precisely because auto-fill is as ubiquitous as it is, hackers have developed a way to utilize your employees’ reliance on auto-fill in a new form of phishing attack that could put your business’ critical secure data at risk.
The potential to use a browser’s auto-fill feature in phishing attacks was first revealed by Finnish web developer Viljami Kuosmanen. Speaking with technical support site Bleeping Computer last month, Kuosmanen noted that he “had known about this issue for a long time” and had decided to investigate further to demonstrate the extent of the risk.
Essentially, a user can become vulnerable to a phishing attack utilizing their browser’s auto-fill feature upon being directed to an illicit website with invisible form fields. For example, this user could be attempting to unsubscribe from what looks to be a regular spam e-mail. Upon clicking on the “unsubscribe” link in the e-mail, the user is directed to a normal-looking website with fields to enter their name and e-mail address to remove themselves from the spam e-mail list. What the user doesn’t see are the hidden form fields on the page designed to steal their personal or business information. By entering in their name and e-mail address, the user will trigger their browser’s auto-fill feature to fill in the hidden fields, which could include sensitive business information such as account numbers or credit card numbers.
Kuosmanen created a mock website to demonstrate the extent of the risk of auto-fill being used for phishing attacks; this site actually showed how easy it was for a hacker to deceive users into sharing stored data. In his research, Kuosmanen says that he was surprised by how much information the Google Chrome browser he was using had saved for auto-fill.
Given how pervasive auto-fill is, how can you help your employees avoid falling victim to this phishing scheme? Luckily, the solution is fairly straightforward. If your company’s computers use a browser that automatically enables auto-fill such as Safari or Chrome, you will need to have your employees deactivate the feature. Turning off auto-fill take one click in the Settings or Preferences menu. If you want to take additional precautions to avoid such phishing attacks, have your employees switch to Microsoft Edge or Firefox; these browsers don’t allow multi-field auto-fill at all.
Concerned that your employees might be engaging in practices that put your business’ cyber security at risk? Our team of experts can evaluate your data security procedures and see if you have any weak points that are putting your company at risk. Contact us today at (919) 424-2000 or firstname.lastname@example.org to learn more.
Always at your service to provide the highest level of quality support to our customers.
Anthony Firth Client Engineer
“I’m passionate about building and fostering relationships, and finding solutions for success.”
Michael Koenig Client Account Manager
“I help clients stabilize and grow their IT infrastructure so they can focus on growing their core business.”
Josh Wilshire Systems Engineer Team Lead
“I strive to provide the highest level of quality service to our customers.”
Tommy Williams Sr. Hardware Engineer
“I’m driven by the steadfast belief that technology must serve as a business enabler. This mantra has driven 21
Years of successful partnerships.”
Stephen Riddick VP Sales & Marketing
“CSP doesn’t succeed unless your company succeeds.”
Stephen Allen Inventory Manager
“Through my intuition and genuine concern to help others I have built long-lasting relationships with our customers, co-workers and business partners.”
Scott Forbes VP Support Services
“Every day, I work with clients to help plan the future of their businesses.”
Michael Bowman vCIO
“Your IT problems become our IT solutions.”
Mark McLemore Project Engineer
“Managing internal and external operations to ensure that CSP provides quality and reliable customer service .”
Margie Figueroa Business Manager
“Providing quality internal and externals financial support to our customers and accounting support to CSP.”
Katie Steiglitz Accounting Administrator
“Some call me the CEO. I call myself the Cheerleader for an awesome team!”
William B. Riddick Founder & CEO
“CSP is here to assist you with your IT needs.”
Beth Wylie Inside Sales Manager
On What Questions You Need To Ask Before Signing Any Agreement.
"*" indicates required fields
Raleigh IT Support Company and IT Services Provider | CSP Inc.
1310 Nowell Rd,
Raleigh, NC 27607
Receive email updates and informative marketing materials by subscribing to our newsletter.