Formjacking

As of 2019, formjacking is considered a relatively new security threat.

The concept of formjacking is similar to compromising a physical payment card reader: an attacker who has fitted extra equipment to the reader can then gather card details whenever the reader is used (known as 'credit card skimming').

Formjacking is based on the attacker inserting malicious code into a website and then using it to extract the details that users enter into the site (including names, addresses, credit card details and more). The actual transaction completes as if nothing has happened, but in the background the attacker is gathering the details of anyone using the website.

Whilst smaller organisations would certainly be a target for formjacking attacks, large companies have been affected too. In late 2018 British Airways suffered a significant attack compromising the data of hundreds of thousands of customers in a suspected formjacking incident. Ticketmaster was similarly affected earlier in 2018.

How to protect against formjacking

Formjacking is very difficult for users to detect, so defences really need to be put in place by website owners.

Some of the attacks have exploited weaknesses in third-party applications that website owners have integrated into their sites, so it's important to consider how to test these, and also carefully test any updates to them.

In some cases, the use of Subresource Integrity (SRI) can help. SRI enables a website to check that resources received from a third party have not been compromised.
