How does Formjacking work?


The term "formjacking" combines "online form" and "hijacking" and describes the digital version of well-known card skimming, in which scammers fit the card slot of an ATM with their own card reader. The PIN is captured at the same time with small cameras, and the bank card can then be duplicated with the collected data.

A similar hijacking takes place in cyberspace. In the attack, malicious code, usually small hidden JavaScript snippets, is planted in a web page. According to the FBI, hackers often do this by phishing, sending malicious emails to vulnerable employees or to third-party providers whose applications have access to a company's server environment. Once the malicious code is in place, credit card data can be captured in real time as soon as the customer enters it on the store's website.

Cybercriminals use the valuable information to make purchases themselves or sell it on the darknet. According to a study by the American credit agency Experian, a credit card number with its security code sells there for about US $5. Access data for payment service providers like PayPal can even fetch around $20.

Who is behind the attacks?

Formjacking belongs to the so-called man-in-the-middle attacks, in which attackers use malware to position themselves unnoticed between communication partners. But who are the attackers? The attacks usually cannot be clearly attributed, but the name Magecart appears over and over in connection with the incidents, as in the British Airways case described above. It is a generic term that describes the activities of at least seven groups of hackers who use similar malware in similarly orchestrated attacks. Magecart groups are not limited to a specific online store platform in their raids. Additionally, some cybercriminals have been observed specializing in third-party services, such as live chat widgets.

How can you protect yourself?

Customers cannot detect or prevent formjacking during online purchases because the infected pages are not visibly modified. It is therefore advisable to limit purchases to large stores that, unlike small e-commerce websites, are equipped with more extensive security systems. Credit cards should also have a second level of defense in the form of 3D Secure, under which, for example, no transaction is possible without a TAN code sent to the smartphone.

But the real responsibility for preventing e-skimming attacks falls on companies. They need to update their security systems. The goal is to use extensive protection measures to keep the gateways closed to malware, for example malware that arrives in the form of malicious emails.
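
A check a store operator can run against their own checkout page, given as an added example that is not part of the original article: it lists the scripts the page loads and flags inline code, scripts from hosts outside an allowlist, and allowlisted third-party scripts that lack a Subresource Integrity hash. The class and function names, the allowlist, and the sample HTML with its host names are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Constructed sample checkout page; every host name here is made up.
SAMPLE_HTML = """<html><head>
<script src="/static/checkout.js"></script>
<script src="https://chat.example/w.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.unknown.example/a.js"></script>
</head><body><form action="/pay"><input name="card-number"></form>
<script>console.log("inline");</script></body></html>"""

class ScriptCollector(HTMLParser):
    """Record each <script>: src and integrity attributes, inline body."""
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self._open = {"src": a.get("src") or None,
                          "integrity": a.get("integrity"), "body": ""}
            self.scripts.append(self._open)

    def handle_data(self, data):
        if self._open is not None:
            self._open["body"] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._open = None

def audit_scripts(html, page_url, allowed_hosts):
    """Return (finding, detail) pairs for scripts a reviewer should inspect."""
    page_host = urlparse(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for s in collector.scripts:
        if s["src"] is None:                    # inline code in the page itself
            if s["body"].strip():
                findings.append(("inline-script", s["body"].strip()[:60]))
            continue
        url = urljoin(page_url, s["src"])
        host = urlparse(url).hostname
        if host == page_host or (host in allowed_hosts and s["integrity"]):
            continue                            # first-party, or allowed and pinned
        kind = "no-integrity" if host in allowed_hosts else "unlisted-host"
        findings.append((kind, url))
    return findings
```

Inline scripts and unlisted hosts are items to review rather than proof of compromise; comparing the findings from one deployment to the next shows when a new script has appeared on the payment page.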

Formjacking is currently focused on the theft of credit card data, but in principle it can be used to obtain any type of data that is captured through online forms. The further spread of this kind of fraud is therefore more than likely.


When?

Friday, July 24, 2020 2:00 PM