Website “formjacking” increasing risk to insecure sites


According to Symantec’s Internet Security Threat Report 2019, on average 4800 websites a month are compromised by formjacking code.

Formjacking is a cyber security threat to any business website, with cyber-criminals targeting any commerce site with a view to intercepting payment details. And if you’re thinking that this only hits sites like British Airways, Symantec points out that as well as well-known brands being targeted, small to medium-sized businesses are also at risk.

The threat occurs when cyber-criminals manage to insert small pieces of code on websites to capture copies of credit card and payment information. The ability to “infect” the sites in this way occurs when website software, plugins, etc. are not kept up to date and vulnerabilities are exploited that allow the insertion of the code.

The key is to make sure you keep your website software up to date. Popular website platforms like WordPress often release updates to fix security issues, but you should also be on the lookout for security updates to any plugins you use, and for plugins that are no longer being updated (where you might not learn of a security issue). There have also been examples of WordPress plugins being taken over and malicious code added. So, if you collect payment information via your website, keep your website software up to date.

As well as a rise in formjacking, highlights of the Symantec report include:

  • One in ten website URLs are malicious, a rise of 56%
  • A drop in cryptojacking, although still high
  • A 33% rise in mobile ransomware
  • 48% of malicious emails contain Office attachments
