Formjacking

Formjacking is a type of cyber attack in which malicious code is injected into a website’s online forms to capture the data users enter. It often targets websites whose forms collect credit card details, addresses, passwords, and other submitted data.

Formjacking attacks are especially concerning because they affect popular, trusted websites: the sites that users entrust with sensitive information because of their legitimacy.

How does Formjacking work?

  • Infiltration: The hacker gains entry into a website’s code or takes advantage of vulnerabilities in its security measures. Attackers accomplish this using various means, including phishing attacks, weak passwords, or malware.
  • Inserting malicious code: The hacker inserts malicious JavaScript code into the website’s source code. The attacker often hides this code inside legitimate scripts, making it hard to detect.
  • Data capture: As soon as the malicious code is active on the website, it will track and capture any information users enter into the online forms. This often includes names, credit card numbers, addresses, and other private information.
  • Data exfiltration: The captured data is sent to the hacker’s server, where it is available to them for later criminal use. This often includes selling the data on dark web forums, making unauthorized purchases, or identity theft.
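
Because the injected code is often hidden inside legitimate scripts, a practical defensive check is to compare every script a payment page loads against a reviewed baseline of hashes. The following Node.js sketch is an added example, not code from the original page; the URLs, script bodies and function names are hypothetical, constructed sample data.

```javascript
// Added example: compare the scripts on a checkout page with a reviewed baseline.
const { createHash } = require('node:crypto');

// SRI-style digest (sha384, base64) of a script body.
function sriHash(body) {
  return 'sha384-' + createHash('sha384').update(body, 'utf8').digest('base64');
}

// List external script URLs and inline script bodies. A regex is enough for
// this constructed page; use a real HTML parser for production pages.
function listScripts(html) {
  const found = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const m of html.matchAll(re)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    found.push(src ? { src: src[1] } : { inline: m[2] });
  }
  return found;
}

// baseline.external: Map of URL -> approved hash; baseline.inline: Set of hashes.
// fetched: Map of URL -> script body as currently served.
function auditPage(html, fetched, baseline) {
  const findings = [];
  for (const s of listScripts(html)) {
    if (s.inline !== undefined) {
      if (!baseline.inline.has(sriHash(s.inline))) findings.push({ type: 'unapproved-inline' });
    } else if (!baseline.external.has(s.src)) {
      findings.push({ type: 'unknown-script', src: s.src });
    } else if (sriHash(fetched.get(s.src) ?? '') !== baseline.external.get(s.src)) {
      findings.push({ type: 'modified-script', src: s.src });
    }
  }
  return findings;
}

// Constructed sample data (hypothetical URLs and script bodies).
const CHECKOUT_JS = 'https://shop.example/js/checkout.js';
const cleanLib = 'function validateCard(n){return /^\\d{13,19}$/.test(n);}';
const baseline = {
  external: new Map([[CHECKOUT_JS, sriHash(cleanLib)]]),
  inline: new Set([sriHash('initCheckout();')]),
};
const page = `<script src="${CHECKOUT_JS}"></script>
<script src="https://cdn.example.net/extra.js"></script>
<script>initCheckout();</script>`;
const served = new Map([[CHECKOUT_JS, cleanLib + '\n/* constructed: appended code */']]);
const SAMPLE_FINDINGS = auditPage(page, served, baseline);
console.log(SAMPLE_FINDINGS);
```

On the sample page, the audit reports the approved checkout script as modified and the second script as unknown. The same hashes can be published as integrity attributes so that browsers refuse to run an altered file.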

Example of Formjacking

  • A user visits an online retail platform to buy a new PC. They add the PC to their shopping cart and then proceed to the checkout page. Once here, the interface requires them to submit their personal information, including real name, home address, and credit card details.
  • Unknown to the user, the website has been compromised in a formjacking attack. The hacker has placed malicious JavaScript code in the website’s payment form.
  • The user enters their credit card details and clicks the “Submit” button. While this happens, the malicious JavaScript code silently captures the entered information, including their credit card number, expiration date, and security code.
  • The stolen data is swiftly sent to the hacker’s server. The attacker can now use the user’s credit card details to make unauthorized purchases or even sell the information on the dark web to other cybercriminals.
  • Unknown to the user, their credit card has been compromised.
  • The user will eventually discover the scam, but by then it will already be too late.