Formjacking: What’s That?

Answer these questions?

Has your site been infected with formjacking?

How did you find out?

How hard was it to repair?

How much damage did you or your users sustain?

Symantec Internet Security Threat Report describes formjacking as malicious code inserted into websites. To capture personally identifiable information (PII) and debit/credit card information. Compromised sites perform legitimate transactions, even as the data is being transferred to illegitimate servers.

This form of attack is inexpensive to deploy and almost impossible for users to quickly detect.

Are you at risk ?

Consider statistics drawn from “Smart Speaker, get me a cyber attack” — IoT was a key entry point for targeted attacks; most IoT devices are vulnerable amended to the Symantec Internet Security Threat Report

  • Formjacking is skyrocketing with over 4,800 websites compromised each month.
  • Ransomware shifted targets from consumers to enterprises, where infections rose 12 percent.
  • More than 70 million records stolen from poorly configured S3 buckets, a casualty of rapid cloud adoption.
  • Supply chains remained a soft target with attacks ballooning by 78 percent.

What to do?

Recommendations for IT Directors and Business Executives include:

  1. Merchant Processing. Many websites integrate with multiple websites, service providers and merchants for online processing. Audit all for any illegitimate coding.
  2. Install firewalls and other appliances to detect and monitor web traffic.
  3. Training. Many people cannot decipher programming languages. Yet if trained, check web browser settings to view page sources for any remote location tasks.

What Do You Think?

Author Disclosure

I am the author of this article and it expresses my own opinions. I have no vested interest in any of the products, firms or institutions mentioned in this post. Nor does the Analyst Syndicate. This is not a sponsored post.


Updated 10.9.2019



The views and opinions in this analysis are my own and do not represent positions or opinions of The Analyst Syndicate. Read more on the Disclosure Policy.

Leave a Reply