As soon as you make an online purchase, you are exposed to “formjacking”. Hackers behind this scam can empty your bank accounts. RMC Conso gives you some tips to avoid falling into the trap.
Do you often make online purchases? Please note, be particularly vigilant in front of the “Formjacking” scam. What is it? What are the risks for consumers? And what advice to guard against it? RMC Conso answers you.
“Almost impossible to detect it”
Once your basket is validated and when you enter your bank details to pay for your purchase, a malicious JavaScript script is discreetly injected by hackers on the site page, as explained by Press-Citron.
This then captures all the information relating to your bank card: the number, your name, the expiration date and the cryptogram on the back. The perverse effect of this scam is that you still receive your order a few days later. But your bank account is found … emptied.
“It is a silent and transparent technique. It is almost impossible to detect it,” assures RMC Conso Benoît Grunemwald, cybersecurity expert within ESET, a company specializing in antivirus.
And it is for this reason that “nobody is safe” of this scam, he underlines. In 2018, for example, hackers had access to data from the British Airways airline, including card numbers and cryptograms, more than 320,000 customers.
Since then, “the phenomenon has been clearly regression”, according to the expert. “Today, on the sites, payment operations are more secure. There has also been the implementation of 3-D Secure, so it’s more complicated for hackers to recover bank data,” explains Benoît Grunemwald.
What advice?
However, you must always remain vigilant and there are some tips to protect yourself from this scam.
First, pay attention to the sites on which you make your purchases. “Do not enter your bank card anywhere, especially on little -known and potentially less secure sites. But do not blindly trust major sites,” points out the cybersecurity expert.
“Be vigilant when you place an order. You should not imagine that you are not a target because you are a simple individual or a small business. As soon as you regularly consult sites, that you have accounts and you make purchases there, there is a risk,” he explains.
Do not hesitate to pay via virtual cards. These are “available on the applications of banks and are limited in time or by an amount. They allow hackers to empty your accounts, because the sums are smaller”.
After purchasing, watch your account statement and immediately oppose if you see abnormal withdrawals.
More generally, regular updates are essential. “You have to update all systems: smartphone, computer, printer etc., software, browsers and additional modules that are installed there. During these updates, new features are added and all bugs and flaws, which allow hackers to attack, are corrected,” he advises.
You can also opt for reinforced browsers. These allow, for example, to “isolate yourself from threats” when you are on the site of your bank. It is also necessary to “install safety or antivirus consequences”, concludes Benoît Grunemwald.
