Saturday, June 30, 2018

Have you disabled autofill in your browser?

I was, at one time, an autofill user. How convenient for me that my browser fills in the answers for me in various web form fields, like name, address, phone number, zip code, etc. It's possible to input credit card data this way as well, although I never enabled that feature.

More recently, I disabled the autofill capability in my preferred browser, which happens to be Google Chrome. I did this because the bad guys figured out a way to cull this information without the user's knowledge.

How they do this is quite simple. The user clicks a link in a targeted phishing email and is redirected to the attacker's web page. A form on the page shows some blank fields—such as first name and last name.

With autofill enabled in browser settings, and with a single click, the user chooses to automatically fill the name fields, unaware that there are hidden fields on the page that are automatically filled as well—only with more sensitive information than just a name.

Note that if you use a password manager program (such as LastPass), it may have an autofill feature enabled.

For more information, see

Wednesday, June 6, 2018

Facebook users: Beware Target gift card scam

If one of your Facebook friends claims that he/she sent a text and received a free Target gift card in exchange, it's a hoax. The simple lesson here is that if it looks too good to be true, it probably is.

According to an article on, the Facebook post appears to come from someone you know, and it may look like this:

This is a phishing scam.

The rule of thumb to avoid being scammed is this: Don't click links or open attachments in unexpected or unusual messages. Always verify before clicking. Other red flags are messages urging you to act now, messages asking for money, and anything offering something for nothing.

Want to stay safe online? Be careful what you click. When in doubt, verify. It's as simple as that.

For more information, see