What is Formjacking and How Does it Work?

Formjacking is when cybercriminals inject malicious JavaScript code to hack a website and take over the functionality of the site's form page to collect sensitive user information.

Image

What is Formjacking

Formjacking is when cybercriminals inject malicious JavaScript code to hack a website and take over the functionality of the site's form page to collect sensitive user information. Formjacking is designed to steal credit card details and other information from payment forms that can be captured on the checkout pages of websites.

How does formjacking work?

Once a website user enters their payment card data on an e-commerce payment page and clicks “submit,” the malicious JavaScript code is what collects the entered information. The malicious JavaScript code that has been installed by the cyberthieves can collect information such as payment card details, home and business addresses, phone numbers and more. Once the information has been collected, it is then transferred to the attacker’s servers. The cyberthieves can then use this information for financial gain themselves, or they can sell the information on the dark web. With this information, cybercriminals can then use the data for identity theft or payment card fraud.

What to do if you think you have been formjacked? 

  • Contact your bank promptly to cancel the affected credit or debit card. Most financial institutions will not hold you responsible for charges if you notify them immediately upon discovering the fraud.
  • Monitor your bank and credit card statements closely for unauthorized or unfamiliar purchases.
  • Keep an eye on your credit scores. This can be a clue if a new card has been opened using your personal information.
  • Consider enrolling in identity theft protection, which helps protect your identity by alerting you to activity involving your personal information. You can also consider installing and running a robust device security software, like Norton 360, to help protect your devices against evolving cyberthreats like malware and ransomware.
Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 

Contents

    Want more?

    Follow us for all the latest news, tips and updates.