23 Feb 2019
Hackers can copy credit cards of online shoppers: Here's how
Just as technology improves, those who swear to break it, aka cybercriminals, also continue to evolve.
We already know hackers carry out phishing/ransomware attacks to steal money, but now, a number of crooks have switched to a new technique called formjacking.
It is the virtual equivalent of putting a card skimming device on an ATM and can easily result in financial theft.
So, what is formjacking?
Formjacking is the technique in which a hacker injects a malicious code on a specific page of a website, mostly an e-commerce portal.
The code remains undetected on the platform, waiting for a user to enter their details for making a purchase.
And, as that happens, a copy of all the data, including full credit/debit card information, of the shopper goes to the attacker.
Then, they can use card details for financial fraud
Once the critical payment information reaches the attacker, they can use it themselves to carry out financial fraud/theft or sell those details on the dark web.
In a recent report, Symantec, the security firm behind Norton antivirus, claimed hackers may have already made 'tens of millions of dollars' through such attacks.
It said a single card sells for about $45 in dark web marketplaces.
And, such attacks are on the rise
Symantec also emphasized that formjacking attacks have increased significantly over the last year.
About 4,800 websites are being targeted every month, with most being those of small and medium-sized business.
But, that doesn't mean big brands are safe from such attacks. British Airways recently compromised credit card numbers and emails of 380,000 customers in a massive formjacking attack.
Detection is the biggest problem for customers
Though organizations are boosting their security systems, detecting a formjacked page still remains a problem for regular customers.
This means you won't even realize when a page has been formjacked as it would look just like a normal, clean page.
"Formjacking represents a serious threat for both businesses and consumers," Greg Clark, CEO of Symantec, emphasized while highlighting the potential risk of such attacks.
However, some basic steps can keep you safe
To avoid formjacking, it is recommended to have a reliable antivirus program installed, one that could detect a formjacked page and issue an immediate warning.
Along with this, as an additional measure, always shop from well-known and secured websites.
For this, make sure that the site where you enter your card details has a lock icon next to its domain in the address bar.
Ticketmaster, too, was 'formjacked'
Along with British Airways, popular US-based ticketing platform Ticketmaster was also targeted with a sophisticated formjacking attack. In that breach, the site compromised addresses, email addresses, telephone numbers, payment details of some 40,000 users.