E-commerce Skimming Attacks
The introduction of EMV chip technology in payment cards has made traditional card fraud, like skimming, harder for criminals. Consequently, they have shifted their focus to online fraud, particularly e-commerce. Criminals use a widespread strategy, attacking many websites at once, hoping some will be profitable.
Formjacking is a stealthy yet straightforward attack where hackers inject harmful code into the checkout pages of online stores. This code is often well-hidden, mimicking legitimate elements like a Google tag or a seemingly related domain, making it hard to spot. Once injected, it steals customers’ payment information as they make purchases.
According to SecurityMetrics’ Brad Caldwell, formjacking is both sneaky and simple for cybercriminals to execute. Symantec’s findings reveal that around 4,800 websites fall victim to formjacking monthly. This shows the attack’s profitable and ongoing nature. Research from RiskIQ indicates that the Magecart group’s formjacking activities are even more widespread than previously thought, affecting a broad range of online service providers.
What is a Formjacking attack and How Does it Work?
A Formjacking attack is when cybercriminals insert some malicious JavaScript code to hack a website and take over the functionality of the site’s form page to collect sensitive user information. Formjacking is designed to attack or steal credit card details and other information from payment forms that can be captured on the checkout pages of websites.