Taking Back the ID

Formjacking, Netflixphishing and new Medicare card scams

Shopping online is almost second nature now, right? But you could be jeopardizing your identity by just entering information into web page forms. Learn about “formjacking,” how fake Netflix sites are phishing for your PII, Medicare scams and more.

Duke Franklin always checked his credit card statements. One month he noticed a mysterious charge on his statement for three suits from a men’s clothing site that he’d used in the past. Franklin hadn’t worn a suit in years. He immediately contacted his credit card company, bank and companies with which he did business. He discovered that the men’s clothing site had been the victim of the new “formjacking” scam. Cybercriminals had illegally collected from the website’s “form page” personally identifiable information (PII), including Franklin’s credit card material. A web form allows users to enter data that’s sent to servers for processing.

This hypothetical situation represents a new scam. Cybercriminals continually conduct research to develop new types of malware to rob victims out of their personal identifiable information (PII), and they update older versions of malware to circumvent security updates.

Kevin Jones reported in his Oct. 1, 2018, Hacker Combat article, “Formjacking in the nutshell,” that Symantec, a cybersecurity company, defined formjacking as “a form of JavaScript-code injection when cybercriminals hack a site and take over the functionality of the site’s form page.”
Cybercriminals can then collect PII and use it for identity theft and other criminal behavior.

According to Jones, Symantec has discovered formjacking security issues with Ticketmaster, Newegg, British Airways and Feedify — all associated with just one formjacking group, Magecart. Since Aug. 13, 2018, Symantec says it has detected and blocked 248,000 formjacking incidents.

Cybercriminals maximize their return on investment by targeting forms on organizations’ websites that potentially have the most records to compromise, such as online shopping, payment processors and banks. The main goal of the criminals is to gain access to all types of PII, especially credit card numbers. “All companies and legal entities operating a website or payment transactions online is at risk to formjacking,” according to Symantec in the Hacker Combat article. Individuals trust the forms to process transactions because they trust the companies and believe the website systems are secure.

Symantec, according to the Hacker Combat article, recommends that webmasters constantly audit codes on their websites. Users should check their monthly credit card statements for unusual activity and report any anomalies to their credit card companies, the Federal Trade Commission (FTC), local law enforcement agencies, the companies they do business with online and media outlets.

For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.