FORMJACKING SCAM

On By scamsbulletin

SCAMS BULLETIN Host Jay White is a volunteer attorney who provides free legal services for low income seniors in San Mateo County, California.

January 23, 2020

FORMJACKING SCAM

Online forms are used extensively as an easy way of doing business online. But there is a downside: Formjacking is a fraudster’s recent ID Theft Weapon.

Everyone who’s ever filled out an online form could be a target for formjacking. It does what its name suggests — hijacks forms. Hackers “inject” code into forms on legitimate websites. This causes the page to release to the fraudster confidential information entered on the form.

The tactic is used mainly to steal credit card information. The stolen data are often sold on to a dark web trader for re-sale to anyone who wants it. But it’s also been discovered in online job application forms.

A challenge is that it’s often not possible for a user — or even a victim firm — to tell if a form has been infected with malicious code, since it otherwise behaves normally.

Defensive Actions:

* Check your credit card statement for discrepancies when it comes in every month, but try to monitor you card balance as often as possible, especially if you have recently filled in an online form where you had to disclose personal and confidential information.

* Check your credit scores frequently from http://www.AnnualCreditReport.com. You can also pay for other firms to actively and continuously monitor your records in real time and highlight any unusual activity.

* If you wish, you can freeze your credit records with Experian and the other “big three” agencies. This will stop anyone who has your details from opening new lines of credit in your name. However, you will also have to unfreeze it if you want to open or extend a credit account.

*To learn how to freeze your records, see a guide from the Federal Trade Commission: www.ftc.gov/ Free Credit Freezes Are Here. Freezes (and unfreezes) are free. You can also freeze the records of your children.

*Keep your Internet security software up to date as security companies are working actively on detection and highlighting form hijacking. Many programs can already identify some of them, and as updates are installed, you should be able to cut your risk of falling victim.

*If you suspect or discover you’re already a victim, notify your bank or card company immediately. You can also add a regular or extended fraud alert, which isn’t the same as a freeze.

Your best strategy is to stay vigilant and watch for signs that your data has been compromised.

Attribution: scambusters.org

Leave a comment