Formjacking may be one of the most effective cybercriminal tactics that you have, most likely, never heard of.  According to the security company Symantec, approximately 4,800 websites of small, medium and large businesses are targeted by this type of attack each month at a cost to consumers of millions of dollars.  Formjacking occurs when cybercriminals manage to install malicious JavaScript code into the website of the targeted companies.  This malware enables the cybercriminals to steal the credit and debit card information provided by customers when they do business with these legitimate companies.  Much of the formjacking attacks against major companies, such as Ticketmaster, British Airways and contact lens company VisionDirect have been attributed to a cybercriminal group referred to as Magecart.  Often the malicious code is inserted into third party services that then infect the true target.  In the case of the attack on Ticketmaster, Magecart was able to go through a third-party chatbot which unsuspectingly loaded the malicious code into the web browsers of visitors to Ticketmaster’s website.  Instances of formjacking have increased dramatically during the last year.  Fortunately, security companies can provide security software to counteract formjacking, however, unfortunately, many companies fail to install such software and are quite vulnerable to a formjacking attack.  Making things worse, there is nothing that we as consumers can do to determine whether a website we are providing our credit or debit card is infected with formjacking malware.


The key to protecting yourself from formjacking is, as I always advise, to never use your debit card for any retail purchases. If your credit card  is used for fraudulent purposes  you cannot be assessed more than $50 for such use and most credit card companies charge consumers nothing if their card is used fraudulently.   However, the potential liability of a person whose debit card has been compromised can reach his or her entire bank account tied to the card if the card owner does not report the crime promptly and even if the card owner does report the theft promptly, the debit card owner’s access to his or her own bank account is frozen while the bank investigates the crime.  Consumers should refrain from using their debit cards for anything other than an ATM card. Use a credit card for all of your card purchases to achieve greater consumer protection.  In addition, you should regularly monitor your bank account tied to your debit card in order to discover as soon as possible if fraudulent use of your debit card has occurred so that you can report it to the bank and limit your liability.  You also should regularly monitor your credit card account, preferably online in order to promptly recognize if your credit card’s security has been breached.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”