PORTLAND, Ore., Jan. 26, 2017 /PRNewswire/ -- The autofill function on your browser is convenient to help complete web forms quickly but did you know that many browsers will autofill hidden fields and provide a lot more data then you may be aware of?
Learn how to test your browser's autofill settings and help keep your organization safe: https://www.securecast.com/browser-autofill-vulnerability-test/
Earlier this month a web developer and hacker published how the autofill functionality on your browser such as Google Chrome, Safari, Internet Explorer, Opera and browser plugins like LastPass can be easily exploited into giving away far more data than you might intend simply by visiting a webpage.
How it works: It starts when an end user visits a phishing site that may look a lot like a trusted website or may be the result of a phishing email directing an end user to a phishing lure page. The webpage will have a simple form or text box where the end user will enter basic data such as name or email address. At this point the browser's autofill will attempt to auto-complete those fields in view and potentially several other hidden fields the user may not see collecting additional data such as: Credit Card, Social Security Number, Address, Phone, Etc.
With Phishing on the rise worldwide accounting for over 90% of data breaches and continuing to be the #1 end user hacking method, the Securecast team believes this recently publicized autofill vulnerability will present a serious risk to end users and organizations globally. Risks from Phishing include ransomware, username and password breach, identity fraud, financial loss from credit cards, W-2 breaches that leads to tax refund scams, wire fraud and data loss all start with a simple phishing attack and are amplified by this autofill risk.
Best practice suggests disabling autofill until browsers stop auto completing hidden fields. You can test your autofill at https://www.securecast.com/browser-autofill-vulnerability-test/
Securecast reduces the risk of Phishing threats in organizations around the globe. To learn more, visit www.securecast.com and start today for as little as $1 per user and for a limited time website and phishing best practice training courses are included at no additional cost.
To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/browser-autofill-data-can-be-phished--how-to-test-vulnerability-and-stay-safe-300396440.html