Online Shoppers Face a New Threat That is Almost Impossible to Detect

NordVPN Warns Customers of E-Commerce Sites to be Vigilant While Shopping Online

Panama City, Panama, April 25, 2019 --( About 4,800 websites get infected with formjacking software every month globally. The newest Symantec’s Internet Security Threat Report lists formjacking as one of the most dangerous attacks in the history of cybercrime.

Formjacking is like virtual ATM skimming. First, cyber criminals inject malicious code into an online shopping website to steal victims’ payment card details. The code reads credit card information as the person enters it, and then sends that information to the hacker.

“Formjacking is becoming more and more used by cybercriminals because of the simplicity to carry out it. The actual e-commerce transaction goes through as if nothing has happened. The victim usually realizes that they have been attacked just when charges start showing up on credit card statements,” says Daniel Markuson, a digital privacy expert at NordVPN.

Symantec's research revealed that small and medium-sized retailers are the most widely compromised, although no company is immune. Even the online payment websites of such well-known retailers as Ticketmaster and British Airways suffered from formjacking code.

It’s hardly possible for users to detect this kind of attack until it’s too late. That's why it's mainly up to e-shops and other e-commerce platforms to defeat this threat. Nevertheless, good online shopping practices can still protect you from the risk of losing your money. There are a couple of ways to stay safe:

Shop only at reputable websites. Avoid making impulsive purchases from online shops you don’t know. Keep in mind that smaller sites that do not have enough resources and the same level of protection as major sites are more likely to host a formjacking script.

Carefully read other customers’ reviews. If someone has already been hit by a formjacking attack, it‘s very likely that you’ll find a comment about that. Always do your research in advance and if you notice something suspicious, better look for another store.

Always check the URL of the website. Make sure that the address bar says “https” instead of “http.” Check whether the store’s privacy policy clearly communicates how it collects, uses, and protects your data.

Provide companies only with necessary information. The less data they have, the less they can leak. Don’t provide your date of birth, social security number, or bank account number just because someone asks for it.

Use a browser-based script blocker. Consider adding one of the script-blocking extensions to your browser. This will provide you with significantly more protection against formjacking attacks. You can try NoScript software extension for Mozilla-based web browsers. It allows JavaScript to be executed only by trusted websites and provides extra security for your browser.

Stay organized. Make sure to keep all your documentation, such as receipts or order confirmation numbers to prove your online purchase. It is also important to constantly check your credit card statements. If you see any activities on your balance that you don’t expect to find, try to recall whether you really authorized the charge. If you can’t recall it, inform your bank or credit card issuer, and they should be able to help you.

About NordVPN
NordVPN is the world's most advanced VPN service provider that is more security-oriented than most VPN services. It aims to become the world's easiest-to-use VPN with a strong focus on user experience. NordVPN offers double VPN encryption, malware blocking, and Onion Over VPN. Its apps provide a unique algorithm, allowing to automatically connect to the fastest server available. The product is very user-friendly, offers one of the best prices on the market, has over 5,000 servers worldwide, and is P2P friendly. For more information, visit
Laura Tyrell
+467 9873 4591