Formjacking and other online skimming attacks are used by criminals to target your website and steal user data, such as credit card numbers and other personal information. Ensighten's security capabilities detect and prevent these attacks even when the breach is within a supply chain technology.
Unlike other formjacking mitigation solutions, which simply sit on top of browser security such as SRI and CSP, Ensighten's technology utilizes cutting-edge browser-based detection to prevent attacks from taking place.
What are formjacking attacks?
Formjacking is a method of online skimming that directly targets HTML forms on a web page. While skimming attacks in general target many different sources of personal data, including cookies, general page data and forms, formjacking is essentially a nickname for attacks that specifically target the latter.
HTML forms are widely used within web pages, in everything from user authentication and user interaction to shopping carts and checkout pages. Cybercriminals use malicious skimming code to monitor for data being entered into website forms; the malware then copies the data and exfiltrates it to rogue servers so it can later be sold on the dark web.
As with all skimming attacks, because of the vulnerabilities associated with third-party vendors, your own website infrastructure does not necessarily need to be breached for formjacking code to be inserted, which means the risk for organizations is extremely high.
How a formjacking attack happens
When performing a formjacking attack, attackers inject malicious code into your website that monitors for user data being entered into HTML forms. They do this either by exploiting a flaw in your own website infrastructure or by compromising one of the third-party vendors you use.
When a website is accessed by a user, their browser fetches content from the organization's web servers, known as first-party content, along with content from numerous other online locations, known as third-party content. For example, if an organization makes use of analytics tracking technology, then code from the tracking provider is also delivered to users alongside any content from the organization's own website.
To the browser, however, all content is treated equally, regardless of whether it is first or third party. That is, any code can read any data, irrespective of where the code or data originated. While you may invest significant effort in securing your own infrastructure, if an attacker is able to tamper with one of the third-party libraries you load, they are able to steal customer data as users interact with your website.