
Formjacking: How Indian Users are falling victim to this new form of Cyber Attack in the present day Digital Payment Era


India is presently among the top three growing digital enablers in e-commerce globally, and is rapidly migrating from cash payments to the Digital Payment Era. The e-commerce market in India is expected to reach over USD 120 by the end of year 2020. The influx of online consumer sites and the convenience of e-payment have made India as vulnerable as any other third world country. As the market for this innovation grows, the forms of cyber crime are also becoming more innovative in their execution. The latest is ‘Formjacking’, a new hacking technique that targets online shoppers.

What Is Formjacking?

Formjacking is a cyber crime that works like a virtual form of ATM skimming: cyber criminals target a retailer's website by injecting malicious code into it. The code is then used to collect data from website forms – for example, a payment form you fill out to make a purchase online, or a form where a credit card number is entered.

Once the customer submits the information, the malicious code collects it and transfers it to the cybercriminal’s servers. From there, the information can be sold and used to commit fraud.
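For site operators, the injected-script mechanism described above can be checked for on a checkout page. The following is an added example, not part of the original advisory: it lists the external scripts a page loads and flags any that come from a host outside an approved set, or from an approved third-party host without a Subresource Integrity attribute. The host names, the sample HTML and the names `ScriptCollector` and `audit_scripts` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample checkout page (all host names are made up).
SAMPLE_CHECKOUT_HTML = """
<html><body>
<form id="pay"><input name="card"><input name="cvv"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.payments.example/sdk.js"
        integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://widgets.example/chat.js"></script>
<script src="https://stats-collector.example/c.js"></script>
</body></html>
"""

class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script> that loads an external file."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attr = dict(attrs)
            if attr.get("src"):
                self.scripts.append((attr["src"], attr.get("integrity")))

def audit_scripts(html, page_host, allowed_hosts):
    """Return (src, reason) for each script a site owner should review."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src).hostname or page_host  # relative URL: first party
        if host == page_host:
            continue
        if host not in allowed_hosts:
            findings.append((src, "unexpected-host"))   # not an approved origin
        elif not integrity:
            findings.append((src, "missing-sri"))       # content can change unseen
    return findings

if __name__ == "__main__":
    approved = {"cdn.payments.example", "widgets.example"}
    for src, reason in audit_scripts(SAMPLE_CHECKOUT_HTML, "shop.example", approved):
        print(f"{reason}: {src}")
```

This check covers only externally loaded scripts; code injected inline or into a first-party file has to be caught by comparing the served files against known-good copies on the server.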

What Data Points are vital for a Formjacking Attacker

These are a few data points a Formjacking criminal may target:

Name of Customer– This is vital information, as this data point can be linked to many other details such as bank account, credit card details, etc.

Credit Card details– This detail will help the criminal to identify the gateway (Master/Visa/RuPay/etc) and then identify fraud liability and the security mechanism incorporated by the service provider.

Phone Number– This is also a PII (Personally Identifiable Information). This information can then be used to capture other related data like name, linked accounts, etc.

Address– The current address linked to the data can help the criminals change the address, or redirect mail sent by the bank or other service providers.

PAN Number– Formjacking primarily targets payment information, but it is possible for hackers to get your PAN number, which can then be used to obtain other details.

Aadhaar Number– Presently all financial transactions are linked to the Aadhaar Number. The ability to gather details from the Aadhaar credentials to strategise the attack pattern is also a threat.

How Can You Protect Your Credit Card and Other Information from Formjacking?

Remember, one may not be able to stop Formjacking before the criminal initiates it, but one can always take remedial measures to safeguard personal information from falling into the hands of such criminals. Some of the actions suggested are as under:

Maintain a dedicated Mobile Number for the Debit/Banking/Credit Card Account– Most service providers offer ‘alerts’ to the mobile number for any financial transaction, or even for routine activity. Keeping the mobile number updated in these systems is mandatory and should be strictly adhered to.

Email ID linking– Alternative ‘alerts’ can also be directed to the email ID. The email ID should also be kept updated and checked regularly. ‘Star’ the ID so that mails received in the inbox are highlighted and not missed as spam or junk.

Always use credit cards when shopping online– The time available to react is longer in the case of a Credit Card fraud than with a Debit Card or Banking Account. Most Credit Cards offer a ‘Fraud Protection’ cover. Reporting a fraud is sometimes easier on a Credit Card than on the other forms. Blocking the card will not affect other fiscal activities.

Monitor accounts online– It is a good practice to keep track of transaction alerts, and also to place a cap on the transaction limit and credit card limit.
