What is Formjacking and How Does it Work?

What is Formjacking

Formjacking is when cybercriminals inject malicious JavaScript code to hack a website and take over the functionality of the site's form page to collect sensitive user information. Formjacking is designed to steal credit card details and other information from payment forms that can be captured on the checkout pages of websites.

How does formjacking work?

Once a website user enters their payment card data on an e-commerce payment page and clicks “submit,” the malicious JavaScript code is what collects the entered information. The malicious JavaScript code that has been installed by the cyberthieves can collect information such as payment card details, home and business addresses, phone numbers and more. Once the information has been collected, it is then transferred to the attacker’s servers. The cyberthieves can then use this information for financial gain themselves, or they can sell the information on the dark web. With this information, cybercriminals can then use the data for identity theft or payment card fraud.

What to do if you think you have been formjacked? 

• Contact your bank promptly to cancel the affected credit or debit card. Most financial institutions will not hold you responsible for charges if you notify them immediately upon discovering the fraud.
• Monitor your bank and credit card statements closely for unauthorized or unfamiliar purchases.
• Keep an eye on your credit scores. This can be a clue if a new card has been opened using your personal information.
• Consider enrolling in identity theft protection, which helps protect your identity by alerting you to activity involving your personal information. You can also consider installing and running a robust device security software, like Norton 360, to help protect your devices against evolving cyberthreats like malware and ransomware.