What Is Formjacking?

Quick Answer

Formjacking is a type of cybercrime that involves stealing personal and financial data from websites. It’s difficult to detect, but there are steps you can take to limit your risk.

Online shopping and digital payments have made everyday transactions faster and more convenient—but they've also created new opportunities for cybercriminals. One growing threat is formjacking, a type of attack that targets you the moment you enter sensitive information online. Understanding how formjacking works and how to spot the warning signs can help you better protect your personal and financial information.

What Is Formjacking?

Formjacking is a type of cyberattack where criminals exploit security weaknesses in legitimate websites to inject malicious code. The code is designed to harvest personal and financial data, like login credentials and credit card numbers. When a user visits the infected site and enters their sensitive information, the hidden code captures those details and sends a copy to the attacker.

Formjacking—also known as web skimming, digital skimming or Magecart attacks—has been on the rise for years. In 2024 alone, more than 11,000 e-commerce sites were compromised, representing a 300% increase year over year, according to Recorded Fraud's 2024 Payment Fraud Intelligence Report. Those compromises exposed 269 million payment card records.

How Does Formjacking Work?

Formjacking attacks typically follow a predictable pattern, allowing cybercriminals to capture sensitive information without alerting the website or the user. Here's how it works:

  1. Criminal targets a website: A cybercriminal injects malicious code into the JavaScript that a legitimate website runs, often without the website owner's knowledge. This code is designed to capture information entered into online forms. The criminal typically targets pages where consumers are most likely to enter financial and personal information.
  2. User visits the website: A consumer lands on the legitimate site and enters sensitive details—such as their credit card number, security code and personal contact information—into the compromised form.
  3. Information is intercepted: When the user submits the information, the malicious code captures the data and routes it to the attacker. In many cases, the information still reaches the business as expected, making the breach difficult to detect.
  4. Cybercriminal uses the information: The criminal may use the stolen data to make unauthorized purchases, open fraudulent accounts or commit another type of identity theft. In some cases, the cyberthief may sell the information on the dark web.

Because the attack can operate silently in the background, formjacking incidents can go undetected for months, increasing the risk of ongoing fraud.
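
For a site owner, the injection in step 1 shows up as a script the checkout page did not load before. The following is an added example, not part of the original article: it lists the scripts on a page and flags any loaded from an origin outside an allowlist, third-party scripts without a Subresource Integrity attribute, and inline scripts. The URLs, allowlist and HTML are constructed sample data.

```javascript
// Added example: audit the <script> tags on a checkout page.
// URLs, allowlist and HTML below are constructed sample data.
const PAGE_URL = "https://shop.example/checkout";
const ALLOWED_ORIGINS = ["https://shop.example", "https://pay.example"];

const SAMPLE_HTML = `
<form action="/order" method="post"><input name="card-number"></form>
<script src="/static/checkout.js"></script>
<script src="https://pay.example/sdk.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://cdn-metrics.example/t.js"></script>
<script>window.cartId = "c-1001";</script>`;

// Regex extraction is a simplification that suits well-formed markup;
// a production scanner would use an HTML parser or a headless browser.
function listScripts(html, pageUrl) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    scripts.push({
      src: src ? src[1] : null,
      origin: src ? new URL(src[1], pageUrl).origin : null, // null = inline
      hasIntegrity: /\bintegrity\s*=/i.test(attrs),
      inlineLength: src ? 0 : body.trim().length,
    });
  }
  return scripts;
}

// Returns one finding per script that needs a human look.
function auditCheckoutPage(html, pageUrl, allowedOrigins) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const s of listScripts(html, pageUrl)) {
    if (s.origin === null) {
      // Inline code cannot be tied to an origin, so it is listed for review.
      findings.push({ type: "inline-script", detail: `${s.inlineLength} chars` });
    } else if (!allowedOrigins.includes(s.origin)) {
      findings.push({ type: "unlisted-origin", detail: s.src });
    } else if (s.origin !== pageOrigin && !s.hasIntegrity) {
      findings.push({ type: "third-party-without-sri", detail: s.src });
    }
  }
  return findings;
}

console.log(auditCheckoutPage(SAMPLE_HTML, PAGE_URL, ALLOWED_ORIGINS));
```

Run on a schedule against the live checkout page, a change in the findings between runs is the signal to investigate.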

Warning Signs of a Formjacking Attack

Formjacking can sometimes be difficult to detect, but you can stay vigilant and watch for signs your data has been compromised. Look for these identity theft red flags or signs a website has been infected:

  • Unexpected or duplicate charges: When reviewing your credit card or bank account statement, you may spot transactions you didn't make or multiple charges from the same retailer.
  • Lower credit scores: Drops in your credit scores can be a sign of fraudulent activity, including unauthorized use of your credit card accounts and credit applications made in your name.
  • Unfamiliar purchase confirmations: You may receive emails or text messages that confirm orders you didn't place.
  • Unusual account activity: Your online accounts may show changes—like updated passwords, addresses or payment details—you didn't authorize.
  • Suspicious checkout page: You're on a familiar website, but the page design, layout or URL looks off, or the page doesn't load as expected.
  • Browser security warnings: You receive alerts about an insecure connection, expired certificate or suspicious website behavior.
  • Requests for extra information: A site asks you for unnecessary personal details during checkout, such as your Social Security number.
  • Slower or glitchy checkout experience: Forms lag, reload unexpectedly or behave inconsistently when you try to submit them.

How to Avoid Formjacking Attacks

While you can't control a website's security, taking a few precautions can reduce your risk of having your information intercepted online:

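  • Shop on secure websites. Look for "https" in the URL and a padlock icon before entering payment information. This protects your data in transit, but it does not show that the page itself is free of injected code.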
  • Stick to trusted retailers. Use well-known brands or sites you've used before, especially if you're making a purchase.
  • Avoid public Wi-Fi for transactions. Unsecured networks can make it easier for attackers to intercept your data.
  • Keep your browser and devices updated. Security updates help protect against known vulnerabilities.
  • Use a credit card instead of a debit card. Credit cards often offer stronger fraud protections and don't give direct access to your bank account.
  • Consider virtual card numbers. Some issuers offer temporary card numbers for online purchases, which can limit exposure if data is stolen.
  • Use security tools. Browser extensions or antivirus software can help detect suspicious websites or scripts.

What to Do if You're a Potential Victim of Formjacking

If you think your information may have been compromised by a formjacking attack, taking quick action can limit the damage to your finances.

  • Contact your provider. If you spot suspicious transactions or receive messages about unusual account activity, call your card issuer or bank right away. Discuss the potential fraud and start a dispute if needed.
  • Report the activity. You can file a report with the Federal Trade Commission's IdentityTheft.gov, the FBI's Internet Crime Complaint Center and your state consumer protection office.
  • Check your credit reports. Cyberthieves often use stolen information to open new accounts in the victim's name. These accounts may appear on your credit reports, so it's important to review your reports regularly and verify all the details are correct. You can get your Experian credit report for free anytime. If you find any information you don't recognize, you have the right to dispute it with the credit bureau on whose report the information appears.
  • Confirm unfamiliar purchases. If you've received messages about orders you don't recognize, look up the business's phone number independently. Call and ask for details about the account, and report the fraud if you didn't open it.
  • Leave the website. You don't have to deal with a suspicious web page and risk having your data stolen. If something feels off or you've received an alert about suspicious website behavior, you can simply leave the site.

The Bottom Line

While it's difficult to spot a formjacking attack, taking security precautions and staying alert to unusual account activity can reduce your risk.

Avoiding suspicious websites, using secure Wi-Fi networks and installing security updates can go a long way in protecting your information. Setting up transaction alerts and enrolling in a credit monitoring service can help you catch signs of fraud and limit the damage.