Formjacking definition
Formjacking is a type of cyber attack where hackers compromise a website's online form to steal any entered information. It targets websites that collect credit card details, passwords, addresses, or any other data submitted through forms.
Formjacking attacks are particularly concerning because they target trusted websites that users visit regularly. Users readily submit their sensitive information, assuming they are on a legitimate and secure website.
See also: clickjacking
How formjacking works
- 1. Infiltration. The attacker gains access to a website's code or exploits vulnerabilities in its security measures. They can do this through various means, such as malware, phishing attacks, or weak passwords.
- 2. Inserting malicious code. The attacker injects malicious JavaScript code into the website's code. This code is usually hidden within legitimate scripts, making it difficult to detect.
- 3. Data capture. Once the malicious code is active on the website, it monitors and captures the information users enter into the online forms. This can include credit card numbers, names, addresses, and other sensitive details.
- 4. Data exfiltration. The stolen information is then sent to the attacker's server, allowing them to access and exploit it for criminal purposes. This could involve selling the data on the black market, using it to make unauthorized purchases, or stealing the victim’s identity.
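Steps 2 and 4 suggest two checks a site owner can run on a checkout page: which scripts the page loads, and where the page is allowed to send data. The following is an added example, not code from the original page; the hostnames, the sample HTML and the function names are constructed for illustration.

```javascript
// Added example. Hostnames and the sample page are constructed for illustration.
const PAGE_URL = "https://shop.example/checkout";
const ALLOWED_SCRIPT_HOSTS = new Set(["shop.example", "cdn.payments.example"]);
const SAMPLE_HTML = `
<form id="pay" action="/pay" method="post"></form>
<script src="/js/checkout.js"></script>
<script src="https://cdn.payments.example/v3/sdk.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://cdn.payments.example/v3/ui.js"></script>
<script src="https://stats.unlisted.example/a.js"></script>
<script>window.cartId = "c-1001";</script>`;

// Simplified tag scanner for the sample; use a real HTML parser on production pages.
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const attrRe = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const tag of html.matchAll(tagRe)) {
    const attrs = {};
    for (const a of tag[1].matchAll(attrRe)) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
    }
    scripts.push({ attrs, inline: tag[2].trim() });
  }
  return scripts;
}

// Flag scripts that a checkout page should not be running unreviewed.
function auditPage(html, pageUrl, allowedHosts) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const { attrs, inline } of extractScripts(html)) {
    if (!("src" in attrs)) {
      if (inline) findings.push({ issue: "inline-script", detail: inline.slice(0, 40) });
      continue;
    }
    const url = new URL(attrs.src, pageUrl);
    if (!allowedHosts.has(url.hostname)) {
      findings.push({ issue: "unlisted-host", detail: url.href });
    } else if (url.origin !== pageOrigin && !attrs.integrity) {
      findings.push({ issue: "missing-sri", detail: url.href }); // third-party, no SRI hash
    }
  }
  return findings;
}

// CSP that blocks inline scripts and limits where the page can load code and send data.
function buildCsp(allowedHosts) {
  const hosts = [...allowedHosts].map((h) => `https://${h}`).join(" ");
  return `default-src 'self'; script-src ${hosts}; connect-src ${hosts}; form-action 'self'`;
}
```

Running `auditPage(SAMPLE_HTML, PAGE_URL, ALLOWED_SCRIPT_HOSTS)` on the sample reports the third-party script without an integrity hash, the script from the unlisted host, and the inline script.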
Formjacking example
- 1. John visits an online retail website to purchase a new laptop. He adds the laptop to his shopping cart and proceeds to the checkout page. There, he needs to submit his personal information, including name, address, and credit card details.
- 2. Unbeknownst to John, the website has been compromised by a formjacking attack. The attacker has injected malicious JavaScript code into the website's payment form.
- 3. John enters his credit card details and clicks the “Submit” button. Meanwhile, the malicious JavaScript code quietly captures the entered information, including his credit card number, expiration date, and security code.
- 4. The stolen data is immediately sent to the attacker's server. They can now use John’s credit card details to make fraudulent purchases or sell the information on the black market to other cybercriminals.
- 5. Meanwhile, John completes his purchase, unaware that his credit card has been compromised.
- 6. A few days later, John notices suspicious transactions on his credit card statement. Someone has used his card information to make unauthorized purchases.