Formjacking: How it Works and How to Prevent It


Technological advancements have ushered us into an era where digital transactions are becoming the new standard. People are encouraged to adopt digital payment methods with the promise of better security, more convenience, and even perks.

However, cyberthreats rarely discriminate and target just about everything that seeps into the online environment. Nowadays, several types of attacks could compromise sensitive information, including credentials, addresses, names and financial information. One of the most vicious attacks is formjacking.

What is formjacking

As its name suggests, this cyberattack involves perpetrators “hijacking” a webpage form on a vulnerable website by injecting malicious JavaScript code.

It belongs to a broader category of cyberthreats called “supply chain attacks,” where threat actors target organizations by attacking vulnerable providers within their supply chains.

Although attackers can use formjacking to steal any type of sensitive user information, the attack is mainly used with payment forms to siphon credit card information without arousing suspicion. In this case, the vulnerable provider is usually a third-party payment processor.

How formjacking works

Injecting malicious code into webpage forms requires identifying a vulnerability in the web application. The flaw can typically be found in:

  • A third-party library or application
  • The web server’s configuration or software
  • The content management system (CMS)
  • E-commerce software the website uses
  • Compromised (leaked) server credentials

After identifying the weak spot, attackers inject the subversive script into the web app and obfuscate it to avoid detection by signature scanners.

Once installed, the script collects user data sent to the website through the compromised form. Users must fill out the form and submit the information to the server for the attack to succeed. Formjacking doesn’t act as a keylogger; instead of collecting keyboard input, it collects data from submitted web forms and exfiltrates it to the attacker’s server.

After stealing sensitive data or payment information from their victims, threat actors can either use it for personal gain or sell it on dark web marketplaces. Cybercriminals can use the data for credit card fraud or identity theft.

How to detect formjacking

Due to its clandestine nature, detecting formjacking can be challenging. Unlike other cyberattacks, formjacking has no telltale signs, especially for the layman.

Once the victim submits the sensitive information through the compromised form, the request goes through as normal, making it difficult for both the website and the user to detect the attack.

Identifying malicious code on a compromised webpage can be a meticulous task. However, automated detection tools that scan web apps for suspicious activities might help simplify the process.

How to protect yourself against formjacking

As a customer, you are most vulnerable to formjacking attacks, particularly because you can’t possibly know whether a form is compromised or not. This makes formjacking almost impossible to ward off. However, you could take these steps if you suspect you’ve fallen victim to formjacking:

  • Notify your bank as soon as possible if you discover fraudulent transactions on your account
  • Use banking apps that alert you through SMS or push notifications in real-time about transactions made on your account
  • Use multi-factor authentication/authorization for your transactions, if possible. This won’t mitigate formjacking but will make it difficult for attackers to siphon funds from your compromised account
  • Monitor your credit card statements, bank accounts, and credit scores for unauthorized, unfamiliar or suspicious activities
  • Sign up for an identity theft service that could reimburse you for financial loss if you fall victim to identity theft

Dedicated software solutions such as Bitdefender Ultimate Security can help keep you safe against cyberthreats, credit card fraud, and identity theft, with features like:

  • Breach monitor that detects personal information leaks on the Dark Web
  • Credit report monitoring that detects key changes in your credit files
  • Dark Web monitoring module that scans the Dark Web for illegal sales of your data
  • Social Security Number (SSN) scanner that notifies you if your SSN may have been compromised
  • Credit freeze and credit report fraud assistance
  • Medical ID fraud protection
  • Identity theft insurance up to $2 million