‘You cannot see’ secret box on websites that steals your passwords and info – beware using common feature

A COMMONLY used internet trick may be putting you in danger, security experts warn.

It’s called auto-fill and you’ve probably used it, even if only by accident.

GettyBe careful when using auto-fill – only use it if you trust the website that you’re inputting information into[/caption]

This is when some of your information is saved to your web browser app, like your name, password, or credit card info.

Your browser can detect when forms that accept this info are on websites, and give you the option to automatically fill in the fields.

It saves you typing out the same information over and over, but cyber-experts at McAfee warned that “many may not realize” the danger of using this feature.

“As tempting as it is to use your browser’s autofill function to populate a long form, this shortcut may not be safe,” cyber-security giant McAfee warned in a special memo.

“Cybercriminals have found ways to capture credentials by inserting fake login boxes onto a web page that users cannot see.

“So, when you accept the option to autofill your username and password, you are also populating these fake boxes.”

Staying safe from “invisible” boxes may be tricky, so it’s important to be generally cautious when browsing the web.

It’s probably not a huge risk if you’re filling in information on highly reputable websites or inside trusted apps.

But be extremely cautious about handing any info over – never mind using auto-fill – on unfamiliar websites.

This is especially true if you’ve followed an unsolicited link to get there.

However, using a password manager is still good advice – so don’t quit Google Chrome’s built-in system or Apple’s iCloud Keychain just yet.

Just make sure to be wary about the websites that you used auto-fill on.

And if you’re nervous but need to enter a log-in, considering viewing your password in the saved iCloud Keychain, for instance, and typing it in manually.

BAD ADS

The security experts used the same report to warn over another sinister website scam called “malvertising”.

“If a user clicks on a seemingly legitimate and well-placed ad, they risk exposing themselves to numerous online threats,” McAfee explained.

“These ads can be infected with malware such as viruses or spyware.

“For example, hackers can exploit browser vulnerabilities to download malware, steal information about the device system, and gain control over its operations.”

If an ad looks suspicious, avoid clicking on it – especially if it makes outrageous claims or promises.

This is especially true if you’re already on a strange website that you’re unfamiliar with, or ended up on by accident.