About 4,800 websites get infected with formjacking software every month globally. The newest Symantec’s Internet Security Threat Report lists formjacking as one of the most dangerous attacks in the history of cybercrime.
Formjacking is like virtual ATM skimming. First, cyber criminals inject malicious code into an online shopping website to steal victims’ payment card details. The code reads credit card information as the person enters it, and then sends that information to the hacker.
“Formjacking is becoming more and more used by cybercriminals because of the simplicity to carry out it. The actual e-commerce transaction goes through as if nothing has happened. The victim usually realizes that they have been attacked just when charges start showing up on credit card statements,” says Daniel Markuson, a digital privacy expert at NordVPN.
Symantec’s research revealed that small and medium-sized retailers are the most widely compromised, although no company is immune. Even the online payment websites of such well-known retailers as Ticketmaster and British Airways suffered from formjacking code.
It’s hardly possible for users to detect this kind of attack until it’s too late. That’s why it’s mainly up to e-shops and other e-commerce platforms to defeat this threat. Nevertheless, good online shopping practices can still protect you from the risk of losing your money. There are a couple of ways to stay safe:
- Shop only at reputable websites. Avoid making impulsive purchases from online shops you don’t know. Keep in mind that smaller sites that do not have enough resources and the same level of protection as major sites are more likely to host a formjacking script.
- Carefully read other customers’ reviews. If someone has already been hit by a formjacking attack, it‘s very likely that you’ll find a comment about that. Always do your research in advance and if you notice something suspicious, better look for another store.
- Provide companies only with necessary information. The less data they have, the less they can leak. Don’t provide your date of birth, social security number, or bank account number just because someone asks for it.
- Stay organized. Make sure to keep all your documentation, such as receipts or order confirmation numbers to prove your online purchase. It is also important to constantly check your credit card statements. If you see any activities on your balance that you don’t expect to find, try to recall whether you really authorized the charge. If you can’t recall it, inform your bank or credit card issuer, and they should be able to help you.