Where "phone" is the honeypot field. Not shown in-browser, so usually only a bot will fill out the honeypot field, sending a strong signal that the form is an automated/spam request.
Of course, autofill messes this up. So the more correct implementation is to turn it off:
Another possibility would be to add two fields dynamically via JS at load, the first populated at load with a timestamp when the form was loaded... then add onkeyup/onfocus/onclick events for the other form fields, and when triggered populate the second field with the current timestamp.
From there, you can compare the numbers, offset from the current time, and do other checks. I mean, you might want to allow for up to an hour of drift, but most people won't sit on a page for an hour then hit submit.
Though it would be circumvented easily enough; if it's custom, I would worry less about it.
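The server-side half of the honeypot and timestamp checks discussed above, as an added example that is not part of any comment in this thread. The field names `ts_loaded` and `ts_touched` and the 2-second minimum are assumptions; `phone` is the honeypot field named above.

```javascript
// Added example: server-side scoring of a submitted form.
// Assumed field names: ts_loaded (set by script at page load) and
// ts_touched (updated by the keyup/focus/click handlers).
const MAX_DRIFT_MS = 60 * 60 * 1000; // "up to an hour of drift"
const MIN_FILL_MS = 2000;            // assumed minimum time a person needs

// Accept only plain decimal millisecond values; anything else counts as missing.
function parseTs(value) {
  if (typeof value !== "string" || !/^\d{1,15}$/.test(value)) return null;
  return Number(value);
}

function checkSubmission(fields, nowMs = Date.now()) {
  const reasons = [];

  // Honeypot: a field the user never sees should arrive empty.
  if (String(fields.phone || "").trim() !== "") reasons.push("honeypot-filled");

  // Both timestamps are added by script, so they are absent when the
  // client never ran the page's JavaScript or never touched a field.
  const loaded = parseTs(fields.ts_loaded);
  const touched = parseTs(fields.ts_touched);
  if (loaded === null) reasons.push("missing-load-timestamp");
  if (touched === null) reasons.push("missing-interaction-timestamp");

  // Load time compared with the server clock, with the one-hour allowance
  // covering both client clock skew and time spent on the page.
  if (loaded !== null && Math.abs(nowMs - loaded) > MAX_DRIFT_MS) {
    reasons.push("outside-time-window");
  }

  // Both values come from the same client clock, so skew cancels out here.
  if (loaded !== null && touched !== null) {
    const fillMs = touched - loaded;
    if (fillMs < 0) reasons.push("interaction-before-load");
    else if (fillMs < MIN_FILL_MS) reasons.push("filled-too-fast");
  }

  // All inputs are client-supplied and can be forged: treat the result as
  // a spam signal to weigh, not as proof either way.
  return { suspicious: reasons.length > 0, reasons };
}
```
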
The way I understand it, it's not that autocomplete can't be turned off, it's that "off" no longer turns it off. You can still turn it off in plenty of other ways.
Of course, autofill messes this up. So the more correct implementation is to turn it off:
But if an autofill of "off" is ignored this technique will no longer work, as the user's browser will fill in the honeypot field.