What is formjacking? New cyber security scam is on the rise

ABC 7 Chicago

2 Oct 201903:24

Summary

TLDRForm jacking is a growing cybersecurity threat where hackers infiltrate secure websites and steal sensitive data, such as credit card information, by inserting malicious code into forms. This type of digital theft can go unnoticed by users, as attackers capture information in real-time while it is being entered. With form jacking on the rise, experts recommend consumers monitor their credit card statements, use secure mobile apps for transactions, and leverage tools like virtual card numbers to enhance security. As threats evolve, staying informed and adopting robust cybersecurity practices is crucial to protecting personal data.

Takeaways

😀 Form jacking is a growing cybersecurity threat where hackers inject malicious code into websites to steal personal information.
😀 This type of attack can affect even secure websites like e-commerce platforms, job applications, or government forms.
😀 Form jacking operates similarly to credit card skimming at ATMs, where hackers intercept sensitive data without the user's knowledge.
😀 A 2018 report showed a 117% increase in form jacking incidents over a short period, reflecting its rapid growth.
😀 Hackers often target third-party applications integrated into websites (like customer service chatboxes) to inject malicious code.
😀 Traditional antivirus programs often miss detecting form jacking because the malicious code is embedded in external services.
😀 Consumers are vulnerable to form jacking because it typically happens without any visible signs of tampering on the website.
😀 To protect against form jacking, experts recommend using secure mobile apps and opting for services like Apple Pay or Google Pay.
😀 Regularly monitoring credit card statements and credit scores can help detect fraudulent transactions linked to form jacking.
😀 Some financial institutions offer disposable digital numbers for online transactions, which provide additional security against fraud.
😀 Businesses can combat form jacking by ensuring their website code and third-party applications remain secure and up-to-date.

Q & A

What is form jacking?
-Form jacking is a cybercrime where hackers inject malicious code into a website’s forms to steal sensitive information, such as credit card numbers or personal data, as users fill out forms on a site.
How does form jacking work?
-Hackers exploit website forms, often through third-party services like customer service chat tools, injecting malicious code that captures the data users input on a form without them realizing it.
What is the difference between form jacking and credit card skimming?
-Form jacking is similar to credit card skimming in that both involve stealing sensitive information. While credit card skimming happens at ATMs using physical devices, form jacking happens online through malicious code injected into website forms.
Why is form jacking on the rise?
-Form jacking is increasing because hackers can inject malicious code through third-party services that websites use, making it harder for security systems to detect. The rise in online transactions has also created more opportunities for attackers.
Can form jacking affect any website?
-Yes, form jacking can potentially affect any website, especially those that rely on third-party services for features like customer support forms or payment processing.
How can businesses protect themselves from form jacking?
-Businesses can protect themselves by regularly auditing their website security, ensuring that third-party services are secure, updating their application code, and monitoring their websites for unusual activity.
What can consumers do to protect themselves from form jacking?
-Consumers can protect themselves by using secure websites (look for 'HTTPS'), regularly monitoring their credit card statements, using secure payment methods like Apple Pay or Google Pay, and considering virtual credit cards for online transactions.
Why might consumers not realize they’ve been victims of form jacking?
-Consumers often don’t realize they've been victimized by form jacking because the malicious code works silently in the background, and the transaction appears to be completed as normal, with no obvious signs of compromise.
What steps can consumers take to monitor for signs of form jacking?
-Consumers should check their credit card and bank statements regularly, monitor their credit score for any sudden drops, and use tools that alert them to unusual activity in their accounts.
How do Apple Pay and Google Pay enhance security against form jacking?
-Apple Pay and Google Pay use tokenization, which creates a unique identifier for each transaction instead of transmitting actual credit card details. This makes it harder for hackers to steal sensitive information during online transactions.