Last year, several retailers fell victim to a cyber attack that exposed the payment information of several of their customers. One well known example is the British Airways breach that affected more than 380,000 passengers. All of these retailers were targets of an attack known as formjacking. Formjacking is not a new attack but it is seeing a rise in the threat landscape. According to a new report by Symantec, formjacking attacks affect an average of more than 4,800 websites each month. As companies start to get more savvy in blocking attacks, hackers will be looking to use more creative ways, like formjacking, to target businesses.


Source: BleepingComputer

What is Formjacking?

Formjacking is a type of website hijacking, which is when hackers inject malicious codes into websites to steal user information. Formjacking tends to target retail websites in order to steal credit card information. It’s important to note that formjacking is not an infection that spreads to your network, but a code injection embedded in websites.

How Formjacking Works

A hacker will inject malicious script into the payment section of a website. When a user on the infected website uses the payment form to check out, the script will copy the details entered by the user and send it to the hackers. These attacks go undetected because the website continues to operate normally. Thus, users are giving their information to hackers without even realizing it.

4 Preventative Measures You Can Take

1. Don’t enter payment information directly:  When making online purchases, try to avoid using the website payment form by using a payment service like PayPal instead. Customers who use PayPal are redirected to the PayPal website when making the purchase. Since your payment information is entered in a separate website, your information will not be compromised. Using mobile payment options like Apple Pay or Google Pay will also help hide your payment information, which makes it harder to steal.

2. Monitor Outbound Traffic with SIEM: Security Information and Event Management (SIEM) systems use behavioural analytics to detect threats with the help of use cases. Using a SIEM system like Secure IT – SIEM can help detect suspicious activity like increased outbound traffic. If your traffic activity is looking suspicious, it might be time to investigate your website for malicious code.

3, Review third party scripts: Formjacking attacks are also affecting businesses via third party providers. Ticketmaster was breached last year via a third party chat bot it uses for customer support. It’s important for businesses to do their research when partnering with a third-party and ensure they are properly audited. Companies should also look to reduce the amount of third-party scripts on their websites and only keep those that are essential.

4. Conduct a vulnerability assessment: Vulnerabilities tend to be discovered once they start doing damage. A vulnerability assessment will analyze your systems and networks to help you detect and address security gaps. This can help your organization address security gaps and issues before they become a larger problem. Catching malicious script in your website before it can do damage to your brand and customers is key. Have your websites scanned for malicious code when doing your assessment. If you’d like to conduct a vulnerability assessment, contact Jolera today.