What is Formjacking

Formjacking attacks are designed and executed by cybercriminals to steal financial and banking details from payment forms that can be captured directly on the checkout pages from eCommerce websites. Find out more about how this practice can affect your business and how to prevent it.

What is Formjacking

There has been a significant surge in formjacking attacks recently. It has been affecting organizations that mostly accept online payment from consumers.

In recent times, cryptocurrencies have progressed in both popularity and technical improvements. However, the radical decrease in the value of cryptocurrencies like Bitcoin and Monero has led to cybercriminals looking elsewhere for fraudulent profits.

That being said, what better place to steal your financial information than a product order form on online shopping websites before you even hit the submit button—that's formjacking!

To understand what other threats formjacking pose, let's get to the basics by exploring this unique kind of cyberattack.

What Is a Formjacking Attack

Formjacking is a type of cyber attack in which hackers insert malicious JavaScript code into the target website, most often to a payment page form.

Once the malicious code is in operation, when a consumer enters their payment card information and hits submit, the compromised code sends the payment card number and other sensitive information like the consumer's name, address, and phone number to the hacker.

Hackers send this stolen information to a server for reuse or even sell the personal details on the dark web. While all this happens, the victim is blissfully unaware of their payment details being compromised.

According to the authenticated Symantec Internet Security Threat Report 2019,formjackers hacked 4,818 unique websites each month in 2018. Symantec blocked more than 3.7 million Formjacking attack attempts in that year alone.

Who Is Behind Formjacking Attacks

It is quite complicated for security researchers to pinpoint a single attacker or attack style considering so many unique sites are being attacked simultaneously. However, the majority of formjacking attacks are known to originate from Magecart groups.

Magecart is a club of hacker groups that have been behind the attacks on various websites. Attacks on Ticketmaster, Feedify, British Airways, and Newegg are only some of the Formjacking examples done by this consortium.

The group injects web-based card skimmers onto eCommerce sites to steal payment card data or credit card information and other sensitive information right from online payment forms.

Magecart group started hacking into Magneto online stores; however, they have now altered their strategies and are increasingly using formjacking attacks to steal payment card details.


How Big Is This Formjacking Campaign

The latest Formjacking campaign conveys that attackers are constantly changing and enhancing their malicious formjacking code and discovering innovative delivery mechanisms to infect users. By the time people even understand formjacking, hackers flee with the information.

For example, Symantec has been digging into telemetry and examining the technical aspects of formjacking attacks to find that 248,000 formjacking attempts were blocked in 2019. But the worrying thing is that such activities are increasing continually as over one-third of those blocks were encountered between September 13 and 20.

What Categories of Businesses Are These Attacks Targeting

Magecart has been targeting eCommerce giants such as Ticketmaster, Newegg, and British Airways to gain larger profits.

Symantec's data showcases that the impacted websites are mostly online retail sites, including small niche sites, to more extensive retail business operations. Websites impacted ranged from a fitness retailer to a supplier of outdoor accessories.

Other online retailers affected included suppliers of parts for vehicles and portals selling gifts or kitchen accessories.

Therefore, it is safe to assume that any company that processes payments on the internet is a probable victim of formjacking attacks.

How Can Formjacking Attacks Affect You

How formjacking attacks can impact your business depends on the type of information the identity thief captures. "There is some data that can ruin your current day; however, there is some confidential information that can even ruin your complete life," says Alex Hamerstone, Practice Lead: Governance, Risk and Compliance at TrustedSec.

You must monitor your bank and credit card statements and keep an eye on your credit scores. Unfortunately, it is almost impossible for victims to identify formjacking attacks, considering most still do not understand what is formjacking, let alone knowing how to detect it.

So, it is solely upon the IT professionals to keep a constant check on their systems to detect and eliminate it, if such a specific threat were to occur.

How Can Businesses Protect Your Credit Card and Other Information From Formjacking

You may not be able to stop Formjacking before it attacks your system, but you can take steps to protect your personal details.

Use credit cards instead of debit cards while shopping online to reduce financial risks. The reason behind this is simple.

If someone uses your credit card information deceptively or indulges in card fraud, they will be exhausting the funds of the credit card companies. In the case of debit cards, the funds are directly tied to your checking account balance.


How to Prevent Formjacking Attacks

  • Make sure that your IT professionals are well-versed with what is formjacking.
  • Use the latest antivirus software; one with a reputable status can safeguard your system from some if not all formjacking attacks.
  • Run scans and tests to check for vulnerabilities in your systems and fix them before a cybercriminal can find them.
  • Every time your software gets a new update, run a test to look for discrepancies before launching it on the web.
  • Don't forget to monitor your systems' behavioral patterns so that you can detect suspicious patterns and block the apps that may cause damage to your system.


Victims don't realize that they have fallen prey to formjacking attacks easily as websites prolong to operate as usual, and Magecart formjacking attackers take steps to stop their detection.

Even with all preventive measures in place, it can still be exceedingly difficult to spot formjacking attacks. However, as an online business, you must have all the protocols in place to quickly alert consumers in the case of such attacks.

Originally published at LoginRadius

What is a Formjacking attack?
Formjacking attacks are designed to steal financial details from payment forms. Learn how it affects your business and tips to prevent a formjacking attack.