Leave a comment

A scary new cyber threat lurking on websites you trust

A scary new cyber threat lurking on websites you trust
© One Photo | Dreamstime.com

The cyber-world just keeps getting darker and scarier, with a new danger seemingly popping up every week. The latest is called "formjacking."

Just like it sounds, malicious actors can swipe data you're putting into a seemingly innocent online form, such as a job application or even a government form. Hackers can take your information and steal your identity or sell it on the Dark Web.

We'll tell you how formjacking works and why it is so dangerous. There is also at least one way you can protect yourself from this latest scam.

Legitimate sites infected

When you're filling out that job application, you probably assume that it is a secure site. But if we've learned anything over the years, it's that when it comes to cybersecurity, nothing is a sure thing.

Formjacking occurs when bad actors attach a malicious code onto a seemingly secure https website. The malicious code then begins to steal information that is being input into a form. Consider it a digital form of credit card skimming.

Worse, consumers often don't know until it is too late that their information has been stolen.

 

Related: FBI issues a chilling ransomware warning as cyberattacks grow nationwide

 

Unfortunately, formjacking is growing. A new report by Symantec finds that in the first six months of 2019, U.S. users were hit with 52% of all global formjacking attacks, compared to 33% in 2018.

The report further states that websites compromised by this form of attack generally stay infected for 46 days. Publicly reported formjacking attacks have taken place on websites such as Ticketmaster, British Airways and more.

In order to curb formjacking, companies must continuously assess the security of their application code, as well as the code that vendors use on their websites. Unfortunately, there is not much a consumer can do to fight back on his or her own.

One way consumers can fight back

What makes formjacking difficult for companies and consumers to catch is that there is no sure way to tell if a website has been compromised. Anti-virus detection catches only a few instances of formjacking.

Perhaps the best way to ensure a company's cybersecurity is to use its mobile app rather than the desktop version. Overall, a bank or commercial company's mobile apps are considered more secure because the information is encrypted, while desktop websites often work with third parties — the weak link in the security chain.

While apps aren't completely immune to being compromised, there are fewer incidents of so-called "appjacking."

A growing global problem

The U.S. is by far the largest victim of formjacking, at 52%. Way down in second place is Australia at 8% and India at 5.7 %.

While a website can be infected an average of 46 days, there was one case that lasted 15 months; however, Symantic said many other sites had the infected code removed within days.

 

Related: Hackers sharing clever new ransomware tools

 

In its report, Symantic states that the number of domains infected with formjacking scripts dropped toward the end of last year. The company warns that this does not mean the problem is going away; instead, targeted companies not directly hosting the contaminated script are loading the remote content from another domain.

This means one infected domain can serve multiple compromised online stores. On average, Symantic detected 5,233 domains per month that pointed to infected formjacking sites.

Americans were scammed out of more than $2.7 billion online last year

Despite all the warnings, Americans are still getting scammed online. Last year alone, scam artists took Americans for $2.7 billion. The number is part of a report by a division of the FBI. On average, there are more than 900 scam complaints received each day by the agency.

Click or tap here to learn more about how Americans are being scammed online.

Next Story
View Comments ()
Amazon's new budget-friendly tablet may make you kick that iPad to the curb
Previous Happening Now

Amazon's new budget-friendly tablet may make you kick that iPad to the curb

Is your iPhone 6S on the fritz? Check here to see if Apple will repair it for free
Next Happening Now

Is your iPhone 6S on the fritz? Check here to see if Apple will repair it for free