Imagine the shock. Once the satisfaction of an online purchase is lowered, you find that your bank account has been fully emptied! You have just been a victim of Formjacking, a cyber attack that sucks your bank data without you realizing it. Here is everything you need to know about it.
How does it work?
As you enter your bank information to finalize a purchase, a malicious JavaScript script is discreetly injected on the page to automatically capture the bank card number, the holder’s name, expiration date and cryptogram.
The latter works in the background, and collects each data entered, then transports everything to a server controlled by cybercriminals. The most pernicious in this fraud is that the transaction itself is carried out without problem: you receive your order, while your contact details have already been stolen.
According to Avira, the boom in online payments has encouraged this change in flight methods. Thus, where the physical attacks by skimming required the installation of devices on payment terminals, formjacking is carried out remotely on a previously compromised e-commerce site.
The British Airways example and the impact of an unteashed fault
The cybersecurity company cites the example of servers of the British Airways airline who were infiltrated for more than two weeks in 2018. During this time, the pirates were able to siphon the bank data of some 380,000 customers before the alert is given!
This attack highlighted the crucial importance of rapid detection, but also the difficulty for large companies to protect themselves completely. Thus, it should not be said that only small merchant sites can be the victim.
How to protect yourself from this threat?
We will have understood, formjacking must invite us to extreme vigilance. In particular, you should frequently consult your bank statements on a secure mobile application or directly on your bank’s website. When you can, configure two factors on your accounts and adopt complex passwords, specific to each service.
The installation of a robust safety suite is essential because it helps to detect and block malicious scripts before they reach your browser. That’s good, we have concocted a very complete guide that lists the best offers on the market. Online stores, for their part, should rely on code integrity control protocols and segment access to their third -party providers, to reduce the attack surface.
📍 To not miss any Citron press, follow us on Google News and Whatsapp.
Couple: Bitdefender
