Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
Camp BGen Rafael T Crame, Quezon City
ACG-CYBER SECURITY BULLETIN NR 175: Understanding the Risk of Formjacking
Reference Number: ACG-CSB 102419175
The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
Formjacking is a relatively new form of digital information theft in which attackers compromise commercial websites involved in banking, e-commerce and other activities that collect customers' personal information.
When a site is infected with formjacking code, there are no telltale signs that anything has occurred. You cannot rely on the kinds of clues that give away less sophisticated scams, such as bogus URLs or non-secure web connections (those without "https://" in their URLs). So, unless you are prepared to stop shopping online altogether, your best strategy is to stay vigilant and watch for signs that your data has been compromised.
Site operators can also use security appliances, such as a firewall, to monitor the outbound traffic from form-based web pages and observe whether that traffic is going somewhere unexpected. If such traffic is observed, it narrows the code review down to the affected pages.
All PNP personnel as well as the public are advised to follow these tips to reduce the risk of formjacking:
- Do not use your primary email address in online submissions.
- Perform regular code audits. Formjacking alters the site code only slightly, so it is important to know what is there and be able to detect tiny changes early on.
- Monitor your site's outbound traffic. Be on the lookout for data transmissions to unknown destinations. If you see something unusual, it is time to do a code audit.
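The two site-operator tips above (detect tiny changes to site code, and spot data going to unknown destinations) can be partly automated. The following is an added example written for this bulletin, not code from the PNP ACG or from any referenced source: it hashes a page against a known-good baseline and lists every external host that the page's scripts, forms and frames point at, flagging any host not on an allowlist. The page contents, hostnames and baseline below are constructed for illustration.

```python
# Added example (not from the PNP bulletin). Defender-side checks for a web page:
#  1) compare the page's hash with a baseline recorded at deployment, so that a
#     small modification to the site code is flagged;
#  2) list the hosts that <script src>, <form action> and <iframe src> point at
#     and flag any that are not on an allowlist, i.e. data going somewhere unexpected.
# All page contents, hostnames and the baseline are constructed sample data.

import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class DestinationCollector(HTMLParser):
    """Collect the external hosts a page sends requests or form data to."""

    def __init__(self):
        super().__init__()
        self.hosts = set()
        self.inline_scripts = 0  # inline <script> blocks, worth reviewing by hand

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        target = None
        if tag == "script":
            target = attrs.get("src")
            if target is None:
                self.inline_scripts += 1
        elif tag == "form":
            target = attrs.get("action")
        elif tag == "iframe":
            target = attrs.get("src")
        if target:
            host = urlparse(target).hostname
            if host:  # relative URLs have no host: same-origin, not flagged
                self.hosts.add(host.lower())


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def changed_assets(assets: dict, baseline: dict) -> list:
    """Return asset paths whose current hash differs from, or is missing in, the baseline."""
    return sorted(path for path, content in assets.items()
                  if baseline.get(path) != sha256_hex(content))


def unexpected_destinations(html: str, allowed_hosts: set) -> list:
    """Return external hosts referenced by the page that are not on the allowlist."""
    collector = DestinationCollector()
    collector.feed(html)
    return sorted(collector.hosts - {h.lower() for h in allowed_hosts})


# Constructed sample: a checkout page as deployed, and a copy with one extra
# script tag appended (the kind of small change the bulletin describes).
CLEAN_PAGE = b"""<html><body>
<form action="/checkout" method="post">
  <input name="card"><input name="cvv"><button>Pay</button>
</form>
<script src="/static/app.js"></script>
<script src="https://cdn.example-shop.test/lib.js"></script>
</body></html>"""

TAMPERED_PAGE = CLEAN_PAGE.replace(
    b"</body>",
    b'<script src="https://stats-collector.invalid/s.js"></script></body>')

# Hypothetical allowlist of third-party hosts the site legitimately uses.
ALLOWED_HOSTS = {"cdn.example-shop.test"}

# Baseline hash recorded at deployment time (in practice stored out of band).
BASELINE = {"/checkout.html": sha256_hex(CLEAN_PAGE)}


def audit(page: bytes) -> dict:
    """Run both checks on one page and return the findings."""
    return {
        "changed": changed_assets({"/checkout.html": page}, BASELINE),
        "unexpected_hosts": unexpected_destinations(page.decode(), ALLOWED_HOSTS),
    }


if __name__ == "__main__":
    for label, page in (("clean", CLEAN_PAGE), ("tampered", TAMPERED_PAGE)):
        print(label, audit(page))
```

On the clean page both lists come back empty; on the tampered copy the hash check reports the page as changed and the destination check names the unlisted host. In practice the baseline hashes and allowlist would be kept outside the web server, since a compromise that can alter page code can also alter anything stored beside it.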
For additional information, please refer to the following websites:
POINT OF CONTACT