Beware of formjacking


With the convenience of the internet comes the high risk of cybercrime — a billion-dollar industry that breached 447 million private records in 2018 alone. In fact, reports found that cyberattacks occur every 39 seconds (on average) among devices with internet access.

In late 2018, British Airways reported over 380,000 stolen credit card details in a widespread attack on both their website and app. This tactic is known as formjacking, an increasingly popular hacking technique affecting thousands of eCommerce sites worldwide.

What is formjacking?

Formjacking refers to malicious code inserted into the checkout page of an eCommerce site. This code is designed to skim your payment details and steal your private information, including your name, address, and credit card details. The collected data is then sent to the attacker’s servers for reuse or sale on the dark web.

An estimated 4,800 online stores are victims of formjacking each month, and with its relatively simple execution and lucrative results, it shows no signs of slowing down.

How can you prevent formjacking?

With the uptick of formjacking attempts on retailer websites (especially small businesses), taking preemptive measures is a must. Below are proven methods for preventing a formjacking attack on your company and customers.

Monitor your outbound traffic

Though formjacking hacks are generally tricky to detect, monitoring your website traffic is an easy way to stay vigilant. Keep an eye out for any data suspiciously leaving your site; if it's headed to a foreign location, you may have hidden activity at play.

A simple method for scanning your outbound traffic is to check your website’s firewall dashboard. While it may not be able to identify harmful code, it can determine whether critical data is going where it’s not supposed to.

Scan new code, updates, or third-party applications

Before diving into the latest updates, apps, or plugins, ensure their code is safe for use. Test these changes before launching them on your site, and monitor your system activity for any unusual behavior. Make it standard security practice to verify that all third-party services are clean and uncorrupted by formjacking code.

To ensure the safe use of third-party sources (e.g., chats, surveys, pages that process credit card payments), businesses should use Subresource Integrity (SRI) tags in their site code. This simple security method verifies that any external data fetched by your website is delivered without unexpected manipulation, helping you prevent unwanted code or activity from leaking into your site.
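As an added example (not part of the original article), the Python sketch below computes the value for an SRI `integrity` attribute, checks a fetched file against a pinned value, and lists third-party scripts or stylesheets that a page loads without one. The vendor hostnames, page URL, function names, and sample page are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # hash algorithms SRI accepts

def sri_hash(content, alg="sha384"):
    """Value for an integrity="..." attribute: <alg>-<base64 digest>."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, content).digest()).decode()}"

def matches(content, integrity):
    """Browser-style check (strongest listed algorithm only); no usable hash fails."""
    tokens = [t for t in integrity.split() if t.split("-", 1)[0] in STRENGTH]
    if not tokens:
        return False
    best = max((t.split("-", 1)[0] for t in tokens), key=STRENGTH.get)
    return sri_hash(content, best) in tokens

class _Audit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.missing = page_url, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            url = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            url = a.get("href")
        else:
            return
        full = urljoin(self.page_url, url or "")
        third_party = urlparse(full).netloc != urlparse(self.page_url).netloc
        if url and third_party and not a.get("integrity"):
            self.missing.append(full)

def unpinned_third_party(page_url, html):
    """List third-party scripts/stylesheets the page loads without an SRI hash."""
    parser = _Audit(page_url)
    parser.feed(html)
    return parser.missing

# Constructed sample data: a checkout page with two vendor scripts.
WIDGET = b"function openChat(){}"
TAMPERED = WIDGET + b"/* code added after the hash was pinned */"
PAGE = (f'<script src="https://chat.vendor.example/widget.js" integrity="{sri_hash(WIDGET)}"'
        ' crossorigin="anonymous"></script><script src="//survey.vendor.example/poll.js">'
        '</script><link rel="stylesheet" href="/css/shop.css"><form action="/pay"></form>')
print(unpinned_third_party("https://shop.example/checkout", PAGE), matches(TAMPERED, sri_hash(WIDGET)))
```

Pinning only works for files the vendor serves unchanged at a versioned URL; a script that changes with each release needs its hash regenerated with `sri_hash` after each review.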

Perform regular scans on your own website

Performing frequent scans of your own website pages is fundamental. Any eCommerce website must have a trusted security program in place, with efficient procedures for updating or patching code when vulnerabilities are detected.

Online businesses commonly run two types of scans: penetration and vulnerability tests.

Penetration scans are performed by computer security experts, otherwise known as “white hats” or “ethical hackers”. They simulate a cyberattack, looking through your existing code and identifying areas of weak security. This enables a thorough investigation of your website and potential breaches it may be exposed to.

Vulnerability scans also check your code for signs of security weakness, though they are performed through software. There are various types of vulnerability scanners to choose from, including computer worms, port scanners, and web application security scanners.

Make sure your vendors do their part

Lastly, ensure your supply chain takes similar measures in its online security. As mentioned, formjacking malware is commonly inserted into third-party applications to breach a business’s main website. Though performing your own scans is vital, your provider should also do the same.

Any damage from their end ultimately affects your brand reputation, so be sure to stick with vendors who uphold the same standards of security.

With the rising trend of cybercrime, companies need all the protection they can get. Safebit Solutions has developed a thorough security program for keeping Texas businesses safe from common and emerging digital threats. For more information, consult our IT experts today.
