Online ATM-style scam puts shoppers at risk: Symantec

Agence France-Presse

Posted at Feb 21 2019 12:01 AM

PARIS - Online shoppers are at risk from a scam which allows hackers to skim their payment details, cybersecurity firm Symantec warned on Wednesday.

"Formjacking" is essentially an online version of ATM tampering, which allows thieves to grab the PIN codes of unsuspecting customers.

On the internet, hackers inject malicious code into retailers' websites to steal customers' payment details when they conclude a transaction, Symantec said in its annual report on cybersecurity.

Cybercriminals heisted tens of millions of dollars last year thanks to the scheme which targets 4,800 websites every month, it added. 

Hackers stole payment details from thousands of British Airways customers in an attack last year.

Formjacking has become a more lucrative option for cybercriminals as the value of cryptocurrency declines, Symantec said.

"Faced with diminishing returns from ransomware and cryptojacking, cybercriminals are doubling down on alternative methods, such as formjacking, to make money," it said.

Cryptojacking attacks steal from cryptocurrency exchanges and ransomware attacks take over computers of businesses and individuals to ransom them for money.

Symantec said it blocked more than 3.7 million formjacking attacks last year.