Article

How to Protect Your Business Website from Formjacking

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet1,408 viewsSign in to rate
As individuals become more savvy about avoiding phishing emails, and enterprises get better at filtering them out before they ever reach employees’ inboxes, it’s become more difficult for hackers to infect enterprise systems with ransomware and cryptojacking malware. Companies are also becoming more diligent about backing up their systems, and cryptocurrency prices have fallen, meaning that the potential profits from ransomware and cryptominers have likewise diminished. So what’s a hacker to do if they want to make a fast, illicit buck? The answer is formjacking, a cyber attack that dramatically increased in popularity in 2018 and is now hitting an estimated 4,800 websites a month. What is formjacking? Formjacking is sometimes described as the online version of ATM card skimming—another hacking method that is becoming less fruitful as more brick-and-mortar retailers implement EMV chip technology. In a typical formjacking scheme, hackers breach an ecommerce site and insert malicious JavaScript code into the form where shoppers enter their payment information. When the customer hits “submit,” the information is transmitted to the hackers, who can then sell the credit card data or use it themselves. Formjacking is very difficult to detect because it’s invisible to both the customer and the retailer. The customer sees the transaction being processed normally, and the retailer still receives the order information and payment. The malicious code tends to be very short, and hackers disguise it to appear innocuous or routine. There is no indication that anything unusual has happened until days, weeks, sometimes even months later, when the retailer discovers the code or customers see unusual charges appearing on their credit card statements. Most formjacking malware is developed by Magecart, the name given to a hacking ring composed of loosely affiliated groups that specialize in stealing credit card data. In addition to orchestrating their own attacks, Magecart groups also offer formjacking malware-as-a-service to other cybercriminals. Small- and medium-sized retailers are the most frequent victims of formjacking, likely because their cyber defenses tend to be less robust than large ecommerce sites. However, because formjacking malware often gets onto sites by compromising third-party services, such as payment processing and chatbot applications, very large companies are not immune. British Airways and Ticketmaster number among the high-profile victims of Magecart formjacking attacks. While formjacking is usually deployed to steal payment card data from ecommerce sites, it can be used to compromise any type of online form. This means that formjacking could also be used to steal other sensitive data, including login credentials, Social Security Numbers, or even confidential business information, such as contact information for sales prospects who have signed up for a company’s mailing list. Protecting your website against formjacking Implement Subresource Integrity (SRI) tags. SRI tags use cryptographic hashes to ensure that the files that web applications and web documents fetch do not contain unexpected content that could indicate they’ve been manipulated by a malicious third party, such as additional code. Monitor your site’s outbound traffic. If you see form data being transmitted to an unusual or unknown resource, your site could be under attack from formjacking or other malware. Secure your supply chain. Hackers frequently insert formjacking malware onto sites by compromising third-party application developers, especially payment processors but also chatbots, quizzes, and other common web applications. Talk with a cybersecurity expert about solutions to test software updates and scan your website for unexpected code changes.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026