Skip to content

What is Formjacking, how it works and protective measures

  • by
  • 3 min read

Formjacking is stealing one’s personal information, bank details through different e-commerce or banking websites when a user enters these details. It is a way of skimming ATM/credit/debit cards. With the help of malicious codes, the hacker can capture sensitive user information.

Formjacking the latest way of a cyber attack. With the ever-changing tech world, hackers find new ways to earn profits from various organisations or individuals. Since the value of cryptocurrencies, such as Bitcoin, started to drop drastically, hackers found this new way to make profits.

According to the Symantec Internet Security Threat Report 2019, formjacking attacks hit 4,818 unique websites every month in 2018. The last two months of 2018 saw over a million formjacking attempts. The data from a single credit card is being sold for up to $45 in underground markets on the Deep web.

Also read: What is Doxxing? Should you be worried? Precautions

How does Formjacking work?

Formjacking attack takes place by inserting malicious code into an e-commerce or banking website. The code is then responsible for stealing or capturing payment information such as card details, names, and other personal information. Sometimes the information is obtained by the hackers as soon as you enter it in the fields of the web page instead of capturing it at the time of sending it for further processing.Hacking Android: How your phone can be compromised by a rogue app The stolen data is sent to servers from where it stored, which is further reused or sold to someone. They then sell the sensitive information gathered online mostly on the dark web. There are plenty of international and Russian websites where you can find the stolen bank credentials with some of them showing themselves as a professional website. This complete process goes unnoticed, and the affected user remains unaware until the fraud happens.

How to protect yourself from Formjacking

Use web browser extensions

Most of the formjacking happens using JavaScript to steal information. You can use a browser-based script blocker to stop a formjacking attack stealing your data.

Adding these extensions to your browser will not give you complete protection but will reduce the chances of a formjacking attack on your system.

Things you need to remember to protect yourself

  • Don’t use non-secure URL (without https://) to shop online.
  • Check your credit card bill monthly to verify that there is no bogus transaction and if there is any inform your creditor as soon as possible.
  • Keep an eye on your credit score. An unexpected drop in your score shows a formjacking attack.
  • If possible, use a credit monitoring system to track your credit accounts and to inform you about any malicious activities.

Browse safely!

Also read: What is DNS cache poisoning? How to protect your PC?

Akshit Kansal

Akshit Kansal

A BTech student whose interest lies in automobiles, tech, music, coding and badminton.

>