“Formjacking” is a type of client-side attack which manipulates a web page — within a visitor’s web browser, as they are visiting your website — in order to steal that visitor’s information. Formjacking attacks emulate the look and feel of your own website to leverage the trust you have built with your visitors and turn it against them. By introducing a new form offering a promotion, requesting additional account information for verification, or simply offering a survey, the attacker can extract any information they want directly from your visitor in their own web browser. This has the added benefit of skipping the difficult task of penetrating your existing web security technologies because it takes place in the browser, beyond the reach of traditional web security.
These attacks represent a significant 3rd party risk to organizations around the globe, they are on the rise and news continues to break of widespread campaigns and new methods utilized by adversaries.