Believe it or not, cybercriminals are contributing to the growth of the English language, by annually introducing new words to the dictionary. Forget phishing and ransomware. Formjacking is the cybercriminal’s new flavour of the month
Formjacking is a type of malicious code injection when criminals hack a site and take over the functionality of its form page. Data is then collected from the user through the malicious form, forwarding it to the virus authors.
The uncomfortable truth is that users voluntarily surrender their information in a form they believe to be legitimate and secure. Once the information is stolen, it is used for identity theft, bank fraud and other criminal activities. Many companies and enterprises, like the university, use web forms to collect user information and complete transactions. We have all learned to trust the web form systems and our trust makes formjacking an instant success for cybercriminals.
Symantec has observed significant growth of formjacking attacks and found several big companies have already fallen victim to this new form of social engineering including Ticketmaster, Newegg, British Airways and Feedify.
The global statistics collected by Symantec are rather sobering. Since August 2018, Symantec detected and blocked 248,000 formjacking incidents.
All companies, enterprises and legal entities operating a website or online payment transactions are at risk from formjacking, including the university.
Currently, the only way to protect a website from formjacking is for the website administrators to maintain a high level of regular auditing of the code. Formjacking essentially changes the functionality of the text boxes of a web form, and careful, regular auditing should provide enough hints that the original code has been changed, indicating that the site is tampered by outsiders.
More information can be found in Symantec’s 2019 Internet Security Threat Report.
[ARTICLE BY DAVID WILES]
