"Formjacking" Attack: How Hackers Steal Credit Card Details

Ravi Singh - Apr 30, 2019

Using a new technique called “formjacking”, hackers might have been selling your payment card information for 3,000 rupees on dark net.

Software Engineer Hacking Former Company, Hoping To Be Rehired
Pakistan-Linked Hacker Group Exploits CO.VID-19 Fear To Attack Indians, Posing As The Indian Government
A Hacker Was Awarded $75,000 As Bug Bounty After Reporting Safari Bugs To Apple

Along with the innovation of technology, online shopping trend has grown strongly all over the world. Especially, by 2022, India's online retailers market is predicted to grow fourfold to $150 billion. Due to the increasing number of online shoppers, cyber crooks are striking on the new way of fooling and stealing users' personal information. One of the latest favorite techniques for hackers, so far, is "formjacking" which targets online customers.

"Formjacking" is a type of cyber attack, by which hackers add malicious codes to a retailer's website. By using this virtual ATM skimming technique, hackers are enabled to steal online customers’ payment details that include sensitive card information.

According to an annual Internet Security Threat Report of Symantec, "formjacking" attack has hit over 4,800 websites per month, two big victims are Ticketmaster and British Airways. It also revealed that the number of such cyber attacks had rapidly increased in the past one year.

In July 2018, TicketMaster suffered a big cyber attack which affected around 40,000 customers. The "formjacking" technique was applied to attack its platform capturing customers' payment details.

Two months after the TicketMaster breach, British Airways claimed that a large amount of its passengers' credit card information was stolen through cyber terrorism on both its mobile app and websites. With more than 380,000 credit cards stolen, this airline attack alone might have allowed criminals to net over $16 million.

Symantec also estimated that last year cybercriminals might have gotten “tens of millions of dollars” by stealing customers' personal data through payment card scam and selling them on the darknet for about $45 each.

CEO of Symantec Greg Clark said in a statement:

According to Clark, "formjacking" serves as a pernicious threat to not only businesses but also consumers.

Security experts suggest using antivirus software to keep track of the threats. This will allow you to make sure that any website where you insert your credit card information has a lock icon next to the domain, signifying it’s a safe server.