Auto-fill Phishing Attack - This is scary. You better turn off your browser's auto-fill feature.

There is interesting breaking news from web developer and hacker Viljami Kuosmanen as reported in The Guardian - Browser autofill used to steal personal details in new phishing attack.

 “The phising attack is brutally simple… when a user fills in information in some simple text boxes, such as name and email address, the autofill system, which is intended to avoid tedious repetition of standard information such as your address, will input other profile-based information into any other text boxes – even when those boxes are not visible on the page.

Disabling Autofill in Web Browsers

Google Chrome

1.       At the top right, click on the Settings icon (represented by three vertical dots).

2.       From the drop-down menu, click on “Settings”.

Google Settings menu

3.       At the bottom of the Settings page, click on “Show advanced settings”.

4.       Scroll down to “Passwords and forms”, and uncheck the box for “Enable Autofill to fill out web forms in a single click.”

Google Chrome Advanced Settings

Apple Safari

1.       From the top menu, choose Safari > Preferences and click AutoFill.

2.       Uncheck all AutoFill option boxes.

Apple Safari Autofill option boxes

Opera

1.       Click on the Opera button.

2.       Click on “Settings”, and then click “Privacy and Security”.

Opera Settings menu

3.       Scroll to “AutoFill”, and uncheck the box for “Enable auto-filling of forms on webpages”.

Opera autofill check box

LastPass doesn’t actually autofill any information without prompting the user first, per this FAQ: https://lastpass.com/support.php?cmd=showfaq&id=11012

They do, however, recommend disabling autofill for the browsers themselves.