The Tupperware company was hacked on March 25th by unknown hackers using a technique called  formjacking.  Formjacking may be one of the most effective cybercriminal tactics that you have, most likely, never heard of.  According to the security company Symantec, approximately 4,800 websites of small, medium and large businesses are targeted by this type of attack each month at a cost to consumers of millions of dollars.  Formjacking occurs when cybercriminals manage to install malicious JavaScript code into the website of the targeted companies.  This malware enables the cybercriminals to steal the credit and debit card information provided by customers when they do business with these legitimate companies.   The hacking of Tupperware went on from March 20th until March 25th before the formjacking malware was removed by Tupperware from its website.  In this particular formjacking the information stolen included the full name of the card holder, the billing address, telephone number, credit card or debit card number, card expiration date, and CVV security code.   Instances of formjacking have increased dramatically during the last year.  Fortunately, security companies can provide security software to counteract formjacking, however, unfortunately, many companies fail to install such software and are quite vulnerable to a formjacking attack.  Making things worse, there is nothing that we as consumers can do to determine whether a website to which we are providing our credit or debit card is infected with formjacking malware and with more people doing their shopping on line during the coronavirus pandemic, we can expect many more of these formjacking attacks.  Tupperware has indicated that it it has removed the malware, is investigating the hacking and will be notifying its customers as more information becomes available.


The key to protecting yourself from formjacking is, as I always advise, to never use your debit card for any retail purchases. If your credit card  is used for fraudulent purposes  you cannot be assessed more than $50 for such use and most credit card companies charge consumers nothing if their card is used fraudulently.   However, the potential liability of a person whose debit card has been compromised can reach his or her entire bank account tied to the card if the card owner does not report the crime promptly and even if the card owner does report the theft promptly, the debit card owner’s access to his or her own bank account is frozen while the bank investigates the crime.  Consumers should refrain from using their debit cards for anything other than an ATM card. Use a credit card for all of your card purchases to achieve greater consumer protection.  In addition, you should regularly monitor your bank account tied to your debit card in order to discover as soon as possible if fraudulent use of your debit card has occurred so that you can report it to the bank and limit your liability.  You also should regularly monitor your credit card account, preferably online in order to promptly recognize if your credit card’s security has been breached.  If you used the Tupperware website for a purchase between March 20th and March 25th you should check your credit card or debit card statement promptly.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”