Formjacking is stealing one’s personal information, bank details through different e-commerce or banking websites when a user enters these details. It is a way of skimming ATM/credit/debit cards. With the help of malicious codes, the hacker can capture sensitive user information.
Formjacking the latest way of a cyber attack. With the ever-changing tech world, hackers find new ways to earn profits from various organisations or individuals. Since the value of cryptocurrencies, such as Bitcoin, started to drop drastically, hackers found this new way to make profits.
According to the Symantec Internet Security Threat Report 2019, formjacking attacks hit 4,818 unique websites every month in 2018. The last two months of 2018 saw over a million formjacking attempts. The data from a single credit card is being sold for up to $45 in underground markets on the Deep web.
How does Formjacking work?
Formjacking attack takes place by inserting malicious code into an e-commerce or banking website. The code is then responsible for stealing or capturing payment information such as card details, names, and other personal information. Sometimes the information is obtained by the hackers as soon as you enter it in the fields of the web page instead of capturing it at the time of sending it for further processing. The stolen data is sent to servers from where it stored, which is further reused or sold to someone. They then sell the sensitive information gathered online mostly on the dark web. There are plenty of international and Russian websites where you can find the stolen bank credentials with some of them showing themselves as a professional website. This complete process goes unnoticed, and the affected user remains unaware until the fraud happens.
How to protect yourself from Formjacking
Use web browser extensions
Adding these extensions to your browser will not give you complete protection but will reduce the chances of a formjacking attack on your system.
Things you need to remember to protect yourself
- Don’t use non-secure URL (without https://) to shop online.
- Check your credit card bill monthly to verify that there is no bogus transaction and if there is any inform your creditor as soon as possible.
- Keep an eye on your credit score. An unexpected drop in your score shows a formjacking attack.
- If possible, use a credit monitoring system to track your credit accounts and to inform you about any malicious activities.