What is Formjacking? The Latest Internet Threat
From ransomware to cryptojacking, it seems like every other day we’re hearing about a new hack sweeping the internet. Today is no different. It seems like hackers are stepping away from cryptocurrency related hacks. Instead, they’re focusing on an old yet reliable form of attack: formjacking.
What is Formjacking?
Remember back in the day when you were worried about having your credit card details stolen at an ATM machine? For a long time, ATM skimmers where the easiest way a thief could steal your information. Now, however, we’ve moved on to the digital age… and so have credit card skimmers.
Introducing formjacking: the digital version of an ATM skimmer.
Simple, straightforward, and exceptionally lucrative, formjacking is the latest hacking craze to sweep the globe. From British Airlines to Ticketmaster, this type of hack has already caused an incredible amount of damage. So, what is formjacking exactly?
It’s actually very simple. A hacker embeds malicious code into a website. When a user puts in their credit/debit card details, the code sends a copy of those details to the attacker. The actual process of the transaction the user is trying to do doesn’t change. Similar to ATM skimmers, the whole point of formjacking it to get proper access to your cards. Once a hacker has your information, they can steal your identity, clean out your account, or even sell your information to other interested parties. Here’s an infographic made by Symantec, the integrated Cyber Defense company, that explains just how formjacking works:
As you can see, this is a very straightforward hack to execute. It’s also incredibly difficult to catch, which drastically adds to its threat.
Why Is Formjacking Making a Come-Back?
Since 2013, hacks dealing with cryptocurrency have been continuously on the rise. Ransomware demands cryptocurrency as payment. Cryptojacking is literally using someone else’s hardware to mine cryptocurrencies. So why, if there’s already a trend in crypto-based hacks, did that suddenly change?
Simple. Cryptocurrency has lost 90 percent of its value. In other words, it’s no longer lucrative to go after this kind of currency. So, hackers have reverted back to good ol’ hard cash, pushing an old hack back into the frontline.
According to Symantec’s 2019 Internet Security Threat Report, ransomware, in general, declined by 20 percent while cryptojacking fell by 52 percent. Formjacking, on the other hand, is on a rise, averaging at about 4,800 infected websites per month. Here’s a nifty little infographic they made detailing 2018’s internet threats.
Can I Protect Myself From Formjacking?
Sadly, no. Not unless you’ve got some serious IT-related skills.
Formjacking doesn’t rely on infecting your personal devices. It works by infecting websites that you end up visiting. We don’t usually check the HTML code of a website before we visit it, and even if we did, most of us won’t really know how to look for malicious codes.
With this particular hack, we sort of have to put our trust in the security procedures taken by each site and in the security researchers constantly working towards finding and containing these threats. Short of never using your credit/debit card online again, there’s not much we as individuals can do. That being said, you do still have to take all of the precautions necessary to make sure that your devices aren’t infected by other malicious files.
What Is Formjacking – Final Thoughts
Formjacking isn’t new. It has been around for a very, very long time. However, with the decreased return rate of crypto-based hacks, it seems like this might finally be this hack’s time to shine. This dangerous form of attack might be inconspicuous, but it definitely packs a punch. As will all things related to your security online, make sure that you’re constantly informed on what’s going on within the security field. Remember, it’s easier to prevent a hack than to do damage control because of it.
Even after connecting with VPN Express, the webpage booking.com greeted me with my name.
So, how about all anonymizing? It just does not work!