What is FormJacking?
Whenever you make an online payment, you enter your debit or credit card details into a form on the merchant’s website. If that data is leaked to a cyber-criminal, the process is called FormJacking. The stolen data can be used for direct card fraud or sold to other criminals.
How is FormJacking executed?
FormJacking is like card-skimming, except that it is almost undetectable and is executed through software. The attacker injects JavaScript code into the target website. Thereafter, whenever a user enters credentials into the website’s form, a copy of the data is transferred to a third party, in the manner of a supply chain attack. Since it is only a copy, the fraud cannot be detected easily. Once you hit the Submit button, the original transaction works smoothly, and you get no notification of the fraud at that point in time. The same can be done with general non-financial information submitted to forms.
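A merchant-side check for the injected script described above, as an added example that is not part of the original article: it lists external scripts on a checkout page that load from a host outside a reviewed allowlist, or from a third party without a Subresource Integrity hash. The page HTML, the hostnames and the allowlist are constructed for illustration.

```javascript
// Constructed sample: checkout HTML as served by a hypothetical merchant, shop.example.
const SAMPLE_CHECKOUT_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.payments.example/sdk.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.payments.example/widgets.js"></script>
<script src="https://stats-collector.example/a.js"></script>
</head><body><form id="pay">...</form></body></html>`;

// Hosts the merchant has reviewed and expects on the payment page (assumed allowlist).
const ALLOWED_HOSTS = new Set(["shop.example", "cdn.payments.example"]);

// Return one finding per external <script> that is unexpected or not pinned by SRI.
// Inline scripts and scripts added at runtime are outside the scope of this check.
function auditScripts(html, pageUrl, allowedHosts) {
  const findings = [];
  const pageOrigin = new URL(pageUrl).origin;
  for (const [, attrs] of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue; // inline script, no external source to assess
    const url = new URL(src[1], pageUrl); // resolves relative paths against the page
    const hasSri = /\bintegrity\s*=\s*["'][^"']+["']/i.test(attrs);
    if (!allowedHosts.has(url.hostname)) {
      // A host nobody reviewed is serving code into the payment form's page.
      findings.push({ src: url.href, issue: "host-not-allowlisted" });
    } else if (url.origin !== pageOrigin && !hasSri) {
      // Reviewed third party, but its file can change without the page noticing.
      findings.push({ src: url.href, issue: "third-party-without-sri" });
    }
  }
  return findings;
}

console.log(auditScripts(SAMPLE_CHECKOUT_HTML, "https://shop.example/checkout", ALLOWED_HOSTS));
```

Run on a schedule against the live checkout page, a new finding signals that the set of scripts able to read the form has changed.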
What is the scope of FormJacking?
It is noted that 4800 major FormJacking attacks are reported per year, and major companies like British Airways and Newegg have been targeted through FormJacking. Data is sold for as much as $45 on the Dark Web. As cyber-criminals witness the success of this concept, you can expect more of these incidents in the future.
How to prevent FormJacking?
While you cannot prevent FormJacking from your end, you can limit the extent of the damage it may cause to your finances. Try the following prevention tips:
1] Keep a cap on your Debit Card and Credit Card usage
Keep a cap on your Debit Card and Credit Card usage that is slightly more than your anticipated maximum one-time spending. For example, if you keep a cap of $1000 on your card, that would be the maximum amount you could lose. The option to keep a cap on your card can be accessed through your bank’s website or app.
2] Use a Credit Card for your transactions
When you use a Credit Card, the amount is deducted from the Credit Card company’s account and not from your account directly. In case of fraud, the Credit Card company could be liable, not you. However, it depends on the local laws.
3] Check your bank statements regularly
It is important to check for discrepancies in your bank statements from time to time. The reason is that small frauds can go unnoticed and eventually they add up.
4] Check your Credit Score
While many cyber-criminals would prefer to use your bank details for fraud directly, others could take a loan using your Credit Card as leverage. If they deactivate the email and SMS options, then you might not learn of the fraud easily. However, checking your Credit Score and the parameters affecting it will help in establishing such fraud.
5] Identity Theft Protection software
If you usually complete online form transactions through your personal or professional computer, it would be a good idea to use Identity Theft Protection software. Most reputed security companies offer the same. It will mask your identity during the transactions. If you wish to go a step further with identity protection, then you can use cards with one-time number codes, masked credit cards, etc.
Why is FormJacking growing?
FormJacking is growing because it is way more convenient and safer (for cyber-criminals) in comparison to card-skimming. This procedure doesn’t require any physical device and it is almost impossible to detect the culprit.
What is a Magecart attack?
Magecart is both the name of the JavaScript used and the syndicate subgroup involved in FormJacking. While many major attacks have been traced to this subgroup, any cyber-criminal can try FormJacking.