What is Formjacking?
Formjacking is a type of cyberattack that steals credit card details by inserting malicious JavaScript code into online payment forms. This malicious code operates covertly in the background on payment form web pages that are often served to the victim from a third-party payment processing company, but can also be found in:
- Web server’s configuration or software
- Content management system (CMS)
- E-commerce software
- Compromised (leaked) server credentials
Once a cyberattacker identifies a vulnerability, they inject the malicious code into the web application and obfuscate it to avoid detection by signature scanners. Once it is installed, the script collects user data from unwitting victims who have entered their credit card details in the form and clicked “submit” to complete their online transactions. After stealing the sensitive data and payment information, cyberattackers can use it for their own personal financial gain, sell it on the dark web, or use it for credit card fraud or identity theft.
Malicious code is frequently designed to load dynamically and to evade detection by external scanners. Cyberattackers may purposefully target a small percentage of users, only load in a real client-side environment, or remove themselves from memory when they detect code analysis taking place. As such, formjacking is difficult to detect, so the key to protecting yourself is to prevent it from happening.
Recommended formjacking prevention steps for individuals include:
- Notifying your bank as soon as possible if you discover fraudulent transactions
- Using banking apps that alert you to real-time transactions
- Using multi-factor authentication/authorization
- Monitoring your credit statements, bank accounts, and credit scores
- Signing up for identity theft services that could reimburse you for financial loss in the event of identity theft
- Masking credit cards or tokenization through apps like Apple Pay or Google Pay
- Using browser extensions to block scripts
Recommended formjacking prevention steps for eCommerce include:
- Automating penetration testing and vulnerability scans
- Fixing vulnerabilities as soon as you find them
- Rigorously testing website updates before launching them
- Using AI to improve monitoring of behavioral patterns
- Blocking suspicious patterns and applications that may cause damage to your system
- Monitoring and tracking third-party vendor applications
- Having full visibility into your code
- Using intrusion detection and prevention systems (IDPS)