Big Scammers

Tuesday, January 31, 2017

The Online Scam Designed to Exploit Autofill Flaw in Chrome & Safari Browsers

There's a recently discovered flaw in two of today's most widely used Web browsers. It can potentially expose you to an online scam designed to steal personally identifiable information such as your name, home and office address, phone or mobile numbers and even your financial account details. Cyber security expert Viljami Kuosmanen has just found a flaw in the autofill feature of Google Chrome and Safari, and it could be exploited by many criminal groups and fraudsters!
The autofill feature of Google Chrome and Safari makes it quick and easy to complete forms on certain websites and online applications. For example, Google Chrome's autofill function offers you the convenience of automatically populating your Gmail account credentials from your saved username and password, without manually typing them into the required text fields. You can also use Safari's autofill function to do this in Web apps like iTunes. However, because of this flaw, which Kuosmanen discovered just this month in both Google Chrome and Safari, an online scam designed as a new variant of phishing fraud can steal your other private details and personal information without you even knowing it.
Kuosmanen also claims that password management tools and browser add-ons like LastPass are vulnerable to this flaw. Because large numbers of users rely on the autofill feature of their Google Chrome and Safari browsers or on similar password managers, many cyber security analysts predict that criminal groups and fraudsters around the world will soon design online scams to exploit this vulnerability.
An Online Scam in the Making
To test this flaw, Viljami Kuosmanen created a website with an online form that visibly asks only for the user's name and email address, but also contains hidden fields for the user's home address, phone number and organization. To simulate possible online scam variants, he tested this website in Google Chrome and Safari with the autofill function enabled.
After running a series of test cases, Kuosmanen found that Safari and Google Chrome could potentially be exploited by an online scam using the same tactic. He discovered that if you use the autofill feature of either browser by clicking an automatically suggested entry to populate a matching text field in a Web form, the hidden fields in his test form are automatically populated with the corresponding saved data as well. This allows fraudsters and criminal groups to build Web forms with hidden fields on legitimate-looking sites and secretly log the user's private details, without the victim ever seeing those fields, let alone choosing to fill them.
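As an added example that is not part of the original post or of Kuosmanen's test page, the following JavaScript audits a page for exactly the pattern described above: form fields that browser autofill would treat as address, phone, organization or payment data, but that are visually hidden from the user. The field descriptor shape, the concealment heuristics and the constructed sample form are my assumptions.

```javascript
// Added audit helper (not from the original post): flags form fields that
// browser autofill could populate but that the user cannot see.
// HTML autocomplete tokens that carry personal or payment data.
const SENSITIVE_TOKENS = new Set(['name', 'given-name', 'family-name', 'email',
  'tel', 'organization', 'street-address', 'address-line1', 'address-line2',
  'postal-code', 'country', 'cc-name', 'cc-number', 'cc-exp', 'cc-csc']);
// Fallback heuristic on the name attribute when no autocomplete token is set.
const NAME_HINTS = /address|phone|tel|organi[sz]ation|company|zip|postal|card/i;

// Common concealment techniques. <input type="hidden"> is excluded because
// browsers do not autofill it; the trick needs a visually hidden text field.
function isConcealed(f) {
  const s = f.style || {};
  const off = parseInt(s.left, 10) < -1000 || parseInt(s.top, 10) < -1000;
  return s.display === 'none' || s.visibility === 'hidden' ||
    parseFloat(s.opacity === undefined ? '1' : s.opacity) === 0 ||
    (s.position === 'absolute' && off) || f.width === 0 || f.height === 0;
}
function isAutofillTarget(f) {
  const token = (f.autocomplete || '').trim().toLowerCase().split(/\s+/).pop();
  return SENSITIVE_TOKENS.has(token) || NAME_HINTS.test(f.name || '');
}
// Returns the names of fields a victim would never see but autofill might fill.
function auditFields(fields) {
  return fields
    .filter(f => f.type !== 'hidden' && isConcealed(f) && isAutofillTarget(f))
    .map(f => f.name);
}
// Browser entry point: builds descriptors from the live DOM of `doc`
// (e.g. auditFields(collectFields(document)) in the devtools console).
function collectFields(doc) {
  return Array.from(doc.querySelectorAll('input, textarea, select')).map(el => {
    const cs = doc.defaultView.getComputedStyle(el), r = el.getBoundingClientRect();
    return { name: el.name, type: el.type, width: r.width, height: r.height,
      autocomplete: el.getAttribute('autocomplete') || '',
      style: { display: cs.display, visibility: cs.visibility, opacity: cs.opacity,
               position: cs.position, left: cs.left, top: cs.top } };
  });
}
// Constructed sample mirroring the test form described above: two visible
// fields plus three hidden ones using different concealment tricks.
const SAMPLE_FORM = [
  { name: 'name', type: 'text', autocomplete: 'name', style: {}, width: 200, height: 30 },
  { name: 'email', type: 'text', autocomplete: 'email', style: {}, width: 200, height: 30 },
  { name: 'phone', type: 'text', autocomplete: 'tel', style: { display: 'none' }, width: 0, height: 0 },
  { name: 'address', type: 'text', autocomplete: '', style: { position: 'absolute', left: '-5000px' }, width: 200, height: 30 },
  { name: 'organization', type: 'text', autocomplete: 'organization', style: { opacity: '0' }, width: 200, height: 30 },
];
// auditFields(SAMPLE_FORM) returns ['phone', 'address', 'organization']
```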
It's a good thing that these Web browsers are also designed to prompt users before handling sensitive information like credit card details and online banking credentials, Kuosmanen said. Otherwise, an online scam could be designed to steal the financial account details of unsuspecting users. The Firefox Web browser doesn't have this flaw because its autofill feature populates form fields one at a time, according to Kuosmanen.
How to Protect Yourself Against a Possible Online Scam for This Flaw
To defend yourself against a possible online scam that exploits this vulnerability in Google Chrome, Safari and LastPass, among other related password management browser extensions, it's best to disable the autofill feature during your regular day-to-day activities on the Internet, or not to use any password management tool for now. Wait for the developers of these browsers and password managers to release an update that fixes this security issue.
You can also use Firefox in the meantime while waiting for an update to Google Chrome, Safari, LastPass and other password management add-ons. You're also encouraged to sign up at BigScammers.Com to receive instant notifications and real-time alerts about the latest variations of this flaw and the online scam tactics that criminal groups and fraudsters may use to exploit this vulnerability.