What is formjacking?

Formjacking is a type of cyber attack, whereby hackers insert a small piece of malicious code into the checkout pages of e-commerce sites, which then enables them to steal customers’ payment card information.

What’s the problem with formjacking?

If you’ve ever bought anything online, you’ll no doubt have been a little wary about putting your bank card details into the payment form on certain sites – maybe you were getting a bargain from a site you’ve never used before, or something just didn’t ‘feel’ right about the whole thing.

When  entering any sensitive information, particularly financial information, you should always make sure of the following:

  • The site you’re using is genuine
  • The site you’re using is secure
  • You’re not following a link from an email that could be a fake
  • You’re not connected to a pubic wi-fi network.

The trouble is, even carrying out these routine checks won’t fully ensure your online safety, as hackers are using formjacking to target world’s biggest companies, carrying out over 6,000 attacks every day.

A study from Symantec, global provider of cyber security systems, has found more than 4,800 websites are being hit by formjacking attacks every month, with some big names including BA and Ticketmaster falling victim.

It seems that cyber criminals are placing less of an emphasis on more established techniques, such as ransomware and mining crypto-currencies, and turning to formjacking simply because it can make them much more money.

Although ransomware is still used,  infections have fallen by 20% over the last 12 months, it seems that a greater awareness of online security by households and businesses is making it harder for criminals to cash in.

How does formjacking work?

Formjacking is a relatively simple and opportunistic, yet very effective, type of cyber attack – when sites don’t update their security or core software systems, or fail to close loopholes in third party apps, including online chat or analytics packages, hackers will use this window of opportunity to insert an attack code that can scrape sensitive information.

These small lines of code are very hard to detect but very effective.

How to avoid a formjacking attack

As with all cyber attacks, vigilance is the key, so always update core systems and security, and  work closely with your web app developers to ensure improperly formatted data is never inserted into the HTML content to comprise any web applications.