Online shoppers are at a growing risk from a scam which allows hackers to skim their payment details, cyber security firm Symantec warned on Wednesday.
“Formjacking” is essentially an online version of ATM tampering, which allows thieves to grab the PIN codes of unsuspecting customers.
On the internet, hackers inject malicious code into retailers’ websites to steal customers’ payment details when they conclude a transaction, Symantec said in its annual report on cyber security.
Cyber criminals heisted tens of millions of dollars last year thanks to the scheme which targets 4,800 websites every month, it added.
Hackers stole payment details from thousands of British Airways customers in an attack last year.
Formjacking has become a more lucrative option for cyber criminals as the value of cryptocurrency declines, Symantec said.
“Faced with diminishing returns from ransomware and cryptojacking, cyber criminals are doubling down on alternative methods, such as formjacking, to make money,” it said.
Cryptojacking attacks steal from cryptocurrency exchanges and ransomware attacks take over computers of businesses and individuals to ransom them for money.
Symantec said it blocked more than 3.7 million formjacking attacks last year.
Related: Card Data-Scraping Magecart Code Found on Newegg

More from AFP
- France Punishes Clearview AI For Failing To Pay Fine
- Twitter Celebrity Hacker Pleads Guilty in US
- Pro-Russian Hackers Claim Downing of French Senate Website
- Microsoft Expands AI Access to Public
- Hackers Promise AI, Install Malware Instead
- Australian Finance Company Refuses Hackers’ Ransom Demand
- Tesla Sued Over Workers’ Alleged Access to Car Video Imagery
- Secret US Documents on Ukraine War Plan Spill Onto Internet: Report
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
