Formjacking

Did you know… formjacking compromised 4,800 websites monthly in 2019?
  • Do you have a business website with pages that support payments?
  • Is your card being used to pay for things that you didn’t buy?
  • Are your personal data being used without your consent?

Formjacking happens when attackers use malicious JavaScript code to tamper with a website and change how that website's payment page works. This attack is a serious threat to companies and users because it is used to steal credit card information and other sensitive user information entered on payment pages.

Here are some measures you should adopt to prevent this attack:

A. In a corporate setting

1. Guarantee the security and good functioning of your business

  • Perform intrusion tests constantly to correct vulnerabilities and prevent security concerns
  • Check your website code regularly to make sure that it’s free from formjacking
  • Use mechanisms in your applications that allow for a verification of the integrity of financial transactions
  • Consider forcing the use of strong payment mechanisms by working with payment intermediaries or by adopting authenticated secure payments
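
One way to automate the regular code check from the list above, as an added example that is not part of the original page: it lists every script on a saved copy of the payment page and flags anything outside a reviewed baseline. The function name, finding labels, host names and sample page are all assumptions made for the illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect each <script> as [attributes, inline body]."""

    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False

    def handle_starttag(self, tag, attrs):
        self._open = tag == "script"
        if self._open:
            self.scripts.append([dict(attrs), ""])

    def handle_data(self, data):
        if self._open:
            self.scripts[-1][1] += data

    def handle_endtag(self, tag):
        self._open = False


def audit_payment_page(html, page_host, allowed_hosts, reviewed_inline):
    """Return (finding, detail) pairs for scripts outside the baseline."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs, body in collector.scripts:
        src = attrs.get("src")
        if src is None:
            # Inline script: compare its SHA-256 with the reviewed digests.
            if hashlib.sha256(body.encode()).hexdigest() not in reviewed_inline:
                findings.append(("unreviewed-inline-script", body.strip()[:40]))
            continue
        host = urlparse(src).hostname or page_host  # relative URL: own host
        if host not in allowed_hosts:
            findings.append(("unexpected-script-host", host))
        elif host != page_host and not attrs.get("integrity"):
            findings.append(("third-party-script-without-sri", src))
    return findings


# Constructed sample page; every host name and script in it is made up.
SAMPLE_PAGE = """<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v1.js"></script>
<script src="https://cdn.stats.example/t.js"></script>
<script>initCheckout();</script><script>unreviewedWidget();</script>"""
```

A check like this only sees the HTML as served; it does not detect scripts added at runtime or changes inside an allowed script file, which is what the `integrity` attribute on third-party scripts is for.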

B. As a user

2. Protect your devices and use strong passwords

  • Use strong security software with real-time protection programs and always keep it updated
  • Create strong passwords that are unique to each site and update them regularly
  • Use multi-factor authentication, whenever possible, to receive alerts when someone is trying to access your accounts

3. Protect critical data and make payments in a secure way

  • Avoid entering data from physical credit cards in online forms
  • Use virtual, single-use credit cards to make your payments
  • Alternatively, make online transactions using a payment intermediary
  • Check your bank statements thoroughly, which makes it easy to identify unauthorized or unknown purchases
  • Consider enrolling in protection against identity theft to receive alerts about how to handle personal information

4. In case you are a victim of formjacking

  • Contact your bank immediately to cancel the corresponding card