Believe it or not, cyber-criminals are contributing to the growth of the English language, by introducing new words to the dictionary every year. The newest word in cyber-security is Formjacking.
Formjacking is a type of malicious code injection when criminals hack a site and take over the functionality of that site’s form page, collecting data from the user through the malicious form which is then forwarded to the virus authors.
The uncomfortable truth is that the users themselves voluntarily surrender their information in a form they believe is legitimate and secure and once the information is stolen, it is used for identity theft, bank fraud and other criminal activities using the stolen information. Many companies and enterprises, like the university, make extensive use of web forms to collect user information and to complete transactions. We have all learned to trust the web form systems making formjacking an instant success for cyber-criminals.
Symantec have observed a significant growth of Formjacking attacks in the wild, and they have found several big companies that have already fallen victim to this new form of social engineering including Ticketmaster, Newegg, British Airways and Feedify.
The global statistics that Symantec collected are rather sobering. Since August 2018, Symantec detected and blocked 248,000 formjacking incidents.
All companies, enterprises and legal entities operating a website or online payment transactions are at risk from formjacking, the university included.
Currently the only way to protect a website from formjacking is for the website administrators to maintain a high level of regular auditing of the codes. Formjacking essentially changes the functionality of the text boxes of a web form, and careful, regular auditing should provide enough hints that the original code has been changed, indicating that the site is tampered by outsiders.
More information can be found in the 2019 Internet Security Threat Report from Symantec…