Formjacking is the New Favorite Hack of Cyber Crooks
Every month, thousands of retail websites are targeted by cybercriminals, who insert a small piece of malicious code that allows them to snatch customers’ credit card information. The hacking technique is called formjacking, and it’s the virtual equivalent of putting a device on an ATM to skim debit card numbers.
Affecting an average of 4,800 websites per month, formjacking is one of the newest favorite ways for hackers to steal personal data, according to security company Symantec’s annual Internet Security Threat Report.
Small and medium-sized businesses are still the most prominent targets of formjacking, according to Symantec, but in recent months, high profile brands including British Airways and Ticketmaster have also fallen victim to attacks. Symantec said it blocked more than 3.7 million formjacking attacks on websites in 2018, with one-third of those happening during the holiday shopping season.
“Formjacking represents a serious threat for both businesses and consumers,” Greg Clark, CEO of Symantec, said in a statement. “Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft.”
As returns diminish on older hacking techniques, formjacking has become a lucrative choice for cyber crooks, though it’s impossible to quantify the amount stolen from every formjacking attack in 2018. Symantec estimates criminals were able to steal “tens of millions of dollars” by using credit card information or selling the numbers on the dark web for around $45 each.
Meanwhile, instances of ransomware declined 20% overall for the first time since 2013, according to Symantec. One primary reason for this is the decreased value of cryptocurrency, which hackers use to demand payments.
Of course, hackers are expert shape-shifters and are always looking for new, sophisticated ways to sneak up and steal private information. Security experts recommend staying on top of threats by using antivirus software and by checking to make sure any website where you enter your credit card information has a lock icon next to the domain, indicating it’s a secure server.
Hackers have also been known to go old school, too, by sending targets phishing emails as a way to socially engineer them into sending personal information. But companies are increasingly on the lookout for these dangerous messages. Google even developed a phishing quizto help web users better identify potentially dangerous emails.