Home Security Formjacking: The newest way hackers are stealing credit card information

Formjacking: The newest way hackers are stealing credit card information

2018 was the year of ransomware, phishing scams and the cryptocurrency hack known as cryptojacking. Come 2019 however, hackers have a new weapon in their arsenal — formjacking.

According to the Symantec Internet Security Threat Report, as security companies get better at preventing common scams, instances of formjacking have skyrocketed, with an average of almost 5,000 websites per month becoming victim to a formjacking attack during 2018.

What is formjacking?

So, what is this new form of cybercrime and how can Canadians protect themselves?

Robert Arandjelovic, the Director of Product Marketing for Symantec Americas, describes it as the digital equivalent of putting a device on an ATM to skim the numbers on a debit card.

“Formjacking is effectively, a remote, web-based version of that,” he explained.

WATCH: Government not stressing cybersecurity importance with MLAs

Cybercriminals use a malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of e-commerce sites.

Formjacking follows the upward trend of web-based hacking, meaning that you no longer need to download malicious software to be impacted by it. Cryptojacking, another web-based cybercrime, uses a similar kind of JavaScript code to turn the computers of those who visit the web page into cryptocurrency-mining devices.

All you have to do is visit a website running the code to be vulnerable.

WATCH: Cyber security experts warn about ‘cryptojacking’

There is another key difference between cryptojacking and formjacking. The former is known to radically slow down devices to the point where consumers know something is amiss, while the latter is almost impossible to detect until you get your credit card bill.

“What makes this really scalable is that nothing is actually impacting the computers. The bad guys are actually finding a way to infect the website itself,” Arandjelovic explained.

Credit card or other payment information entered into these sites is then siphoned off and sent to a secondary location and is often used to commit fraud. It’s important to note, however, that while the focus may be on payment information, PC Mag reports that anything entered into a digital form can be stolen this way.

He emphasizes that small businesses and individuals weren’t the only victims of this crime last year. British Airways and Ticketmaster also fell victim to formjacking attacks over the past few months.

Furthermore, over a three-month period at the end of 2018, Symantec said it was tracking more than one million formjacking attempts on over 10,000 websites.

How can you protect yourself?

Arandjelovic suggests that the best way to prevent your information from being stolen in a formjacking scam is to apply many of the same security rules you would to other scams. The first is, download antivirus software and keep up with regular security updates. Symantec claims it blocked over 3.7-million formjacking attempts in 2018, with approximately one in 40 of these targeting Canadians.

For businesses however, PC Mag reports that there are other ways to safeguard your website from cybercriminals. These could involve making sure that any sites your e-commerce site interacts with to process transactions (such as secondary payment processors) is clear of malicious code.

Arandjelovic also stresses that, while it may be tempting at times, it’s critical you don’t complete monetary transactions on devices you’re unfamiliar with or while using internet connections like public Wi-Fi.


Please enter your comment!
Please enter your name here

Must Read

Bitgo Plans to Launch Wrapped Bitcoin on the Tron Blockchain

Members of the crypto ecosystem will soon be able to leverage WBTC via the Tron (TRX) network. Just like the tokenized BTC created using Ethereum’s ERC20...

Ethereum’s Long Term Chart Is Extremely Simple To Read

The weekly Ethereum chart, as opposed to the daily chart, is simple and concise. There are 2 simple...

US Department of Transportation Says Blockchain Has Many Applications For Unmanned Aircraft Systems (Drones)

Blockchain technology could assist with adjusting and improving current technical challenges in the expanding business of commercial drone delivery, said the US...

Security tokens, blockchain settlement draw interest from institutions: MIT Bitcoin Expo panel

Amid growing competition between providers, institutions in the traditional finance space are looking at blockchain as another way to offer value to...

Networking 2.0 at Blockchain Life 2020

Make hundreds of connections at Blockchain Life 2020 The 5th Blockchain Life 2020 returns to Moscow on April 22-23 at the unique media...