Formjacking, the Silent Thief.

Formjacking, the Silent Thief.

If you are having a conversation about the online security of both personal and business financial information, you cannot afford to not mention Formjacking.

What is Formjacking?

Formjacking is not a new form of cyberattack. According to Symantec, there was a sudden rise in Formjacking attacks in August 2018 hence giving it the push it needed to start making headlines.

Formjacking is whereby cybercriminals inject malicious Javascript code into the legitimate code of e-commerce web pages to steal credit card information of unsuspecting users.

For example, when a customer visits an e-commerce site clicks ‘submit’ after entering their details into the website’s payment form, malicious JavaScript code that has been injected there by the cybercriminals collects all entered information, such as payment card details and the user’s name and address. This information is then sent to the attacker’s servers. Attackers can then use this information to perform payment card fraud or sell these details to other criminals on the dark web.

Cybercriminals target small businesses, especially those that are suppliers of larger companies. Such businesses’ eCommerce sites are believed less likely to have strong defenses hence becoming an easy target. Formjacking is not easy to detect as cybercriminals do a good job hiding the malicious code within legitimate code and consumers have no way of detecting compromised eCommerce sites which makes the threat all the more dangerous.

Despite this, there are ways to prevent or detect Formjacking attacks.

1. Test and scan new code updates before making them live on your site for any unusual or unfamiliar code. In the case of third-party vendors, ensure that the same is being done.

2. Use Subresource Integrity (SRI) tags. These tags allow a browser to verify that the material it receives is delivered without unexpected manipulation. It works by providing a hash that a resource much match.

3. Monitor your supply chain and ensure you know where all vulnerabilities are

4. Implement cybersecurity best practices and security protocols on your site such as firewalls, automated scans, and other security checks so you are notified of any changes and unusual activity

Are you unsure about the safety of your users’ financial information on your site? Get in touch with us at and learn how we can protect your users. Host your domain with us and never worry about the security of your site.