A Criminal’s New Favorite Type of Hack: Formjacking

You’ve probably never heard of it… formjacking. This is the newest way criminals are collecting big amounts of data, and, unfortunately, it happens to be one of the most difficult to stop since it is simple to carry out and nearly impossible for users to recognize it is happening to them until it is too late.

Formjacking is the cyber version of ATM skimming. How it works: a criminal will place a piece of code on an e-commerce business’s website that will read specific pieces of information, usually credit card information. The transaction will go through just like normal, so it looks like nothing fishy has gone on, but behind the scenes, the shopper’s information is being stolen without their knowledge. By the time the shopper has input all their personal information, the criminal has enough information to wreak havoc.

According to a recent study, about 4,800 business websites are newly contaminated with formjacking every month. “It’s up to the website owners to protect against this threat,” Kevin Haley, a security response expert said. Major e-commerce sites, including British Airways, have been caught with formjacking software on their websites, “but small and medium businesses are more likely to be affected.”

There are ways that you can protect your business website from formjacking. Many of the formjacking attacks are through third-party applications, like chat boxes. It’s important to stay in contact with the software companies so if anything is a little off, you can contact them quickly. Next, find tools that will help you lock down your website if there are any changes to the code. There is software that can help you do this. Overall, like ATM skimming, there isn’t a lot you can do about formjacking except to stay educated on the new ways criminals are getting your clients’ information and to have a plan in place for you to help your clients if their information becomes compromised on your website. It is your duty to protect your clients before and after.

LibertyID is the leader in identity theft restoration, having restored the identities of tens of thousands of individuals without fail. If you retain personal information on your customers, now it is the time to get data breach planning and a response program in place with our LibertyID for Small Business data breach defense program. With LibertyID Enterprise you can now add value to existing products, services, or relationships by covering your customers, employees, or members with LibertyID’s fully managed identity theft restoration service—at a fraction of our retail price—with no enrollment and no file sharing. We have no direct communication with your group members–until they need us.

Call us now for a no obligation proposal at 844-411-LIBERTY (844-411-5423).