Formjacking: Hackers’ New Favorite Way to Steal Credit Card Information (And How to Avoid it)

You’ve added your favorite products to the shopping cart. Now, it’s time to take your credit card out of your wallet and make the payment. As the site is secure and you have already done shopping on this e-commerce website in the past, you don’t think much before entering your credit/debit card details during the checkout.

But have you ever imagined that your card details can be stolen when you are making the payment to your favorite online store?

Yes, my friend, hackers can steal your card details and make you broke. In fact, stealing card details have become hackers’ new tool to swipe online shoppers’ money. And the term used for this unethical, malicious technique is Formjacking.

What exactly is formjacking?

Formjacking is almost the same as ATM skimming, the only difference is it happens online. After entering credit or debit card details, when a user of an e-commerce website clicks on submit or its equivalent button, a malicious javascript code injected by a hacker to the e-store collects the credit card details of the user and send this information to the hacker’s server.

Once the hacker has the credit card details of users, he/she can use the details to do credit card frauds or sell the details to other cybercriminals on the dark web.

Symantec has created an infographic to explain the process.

Fromjacking is not a small threat. According to Symantec, formjacking attacks soared with an average of 4,800 websites compromised each month.

Popular brands like British Airways, Ticketmaster, Newegg, and Feedify publically reported formjacking reported by the hacker group Magecart.

Who is Magecart?

Magecart is a common name given to a group of seven major card-skimming cybercriminals. Magecart threat group was responsible for the recent attack against Ticketmaster, Feedify, British Airways, Everlast, the National Republican Senate Committee, Newegg, Oxo, and Groopdealz. All these seven use the same toolset version, but their tactics and techniques differ.

RiskIQ and Flashpoint created a detailed document on different groups of Magecart. You can access the PDF from here. From this report, you can learn about each group’s tactics, targets, and victims and what makes these groups different from each other. You will also know about growing criminal underworld that helps these groups work and monetize their campaigns.

How to avoid formjacking

Magecart formjacking cybercriminals use malicious JavaScript to steal customers’ credit card information. As they exploit customer payment forms, a web browser-based script blocker can provide protection against formjacking attack.

Following are some effective script blockers for popular browsers:

• ScriptSafe is good for blocking script for Google Chrome and Chrome-based browser like Vivaldi
• NoScript is effective for blocking intrusive script for Firefox
• Safari users can use JS blocker

As smaller online shopping sites might not have high protection level as the bigger sites have, avoiding shopping from small players can be a proactive way to stay safe online. But attacks on leading brands like British Airways proves that none is safe. But still, any small site is more likely to get attacked than a bigger site.

Many times attackers go through the third-party tools and applications. If you’re a site owner, you should test any software update before installing it.

Also, you should look for tools that check your website realtime and inform you if there is any change.

<a href="https://medium.com/media/3c851dac986ab6dbb2d1aaa91205a8eb/href">https://medium.com/media/3c851dac986ab6dbb2d1aaa91205a8eb/href</a>