Republic of the Philippines
National Police Commission
Camp BGen Rafael T Crame, Quezon City

ACG-CYBER SECURITY BULLETIN NR 175: Understanding the Risk of Formjacking

Reference Number: ACG-CSB 102419175

         The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.


          Formjacking is a relatively new form of digital information theft caused by hacker attacks on commercial websites involved in banking, e-commerce and other activities that collect customers' personal information.

          In a formjacking attack, cyberthieves install malicious JavaScript code on a website. Once a website user enters their payment card data on an e-commerce payment page and clicks “submit,” the malicious code collects the entered information, which can include payment card details, home and business addresses, phone numbers and more. The collected information is then transferred to the attacker’s servers. The cyberthieves can use it for financial gain themselves, through identity theft or payment card fraud, or they can sell it on the dark web.

         When a site is infected with formjacking code, there are no telltale signs that anything has occurred. You cannot check for the kinds of clues that give away less sophisticated scams, such as bogus URLs and non-secure web connections (like those without "https://" in their URLs). Unless you're prepared to stop shopping online altogether, your best strategy is to stay vigilant and watch for signs that your data has been compromised.

         There is no single easy or simple way to prevent formjacking. The best means of protection is regular auditing of the website’s code by a webmaster or developer. Because the injected JavaScript code manipulates the functionality of the impacted text boxes in the web form window, a trained observer will be able to recognize that a code change has occurred. This is one of the reasons why small and medium businesses are often the targets of formjacking attacks: they often do not have the sophistication or bandwidth to provide the level of monitoring needed.

         You can also use a security appliance, such as a firewall, to monitor the outbound traffic from form-based web pages. Observe whether the traffic is going somewhere unexpected. If it is, that can focus the code reviews on the impacted pages.


            All PNP personnel as well as the public are advised to follow these tips to avoid the risk of formjacking:

  • Do not use your primary email address in online submissions.
  • Perform regular code audits. Formjacking alters the site code only slightly, so it’s important to know what’s there and be able to detect tiny changes early on.
  • Monitor your site’s outbound traffic. Be on the lookout for data transmissions to unknown sources. If you see something unusual, it’s time to do a code audit.
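
One way to carry out the code audit and outbound-destination check described above, as an added example that is not part of the original bulletin: a Python script that compares deployed scripts against hashes of the last reviewed versions and lists any hosts referenced in changed files that are not on an allowlist. The file paths, host names and script contents are constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlparse

# Assumption: hosts the payment pages are expected to contact.
ALLOWED_HOSTS = {"shop.example", "pay.example"}
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")

def sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def make_baseline(scripts):
    """Map each script path to the SHA-256 of its reviewed content."""
    return {path: sha256(body) for path, body in scripts.items()}

def audit(baseline, current, allowed_hosts=ALLOWED_HOSTS):
    """Return (kind, path, host) findings for scripts that differ from baseline."""
    findings = []
    for path, body in sorted(current.items()):
        if path not in baseline:
            findings.append(("added", path, None))
        elif sha256(body) != baseline[path]:
            findings.append(("modified", path, None))
        else:
            continue  # unchanged since the last review
        # Changed file: list destinations outside the allowlist for the reviewer.
        for url in URL_RE.findall(body):
            host = urlparse(url).hostname
            if host and host not in allowed_hosts:
                findings.append(("unexpected-host", path, host))
    for path in sorted(set(baseline) - set(current)):
        findings.append(("removed", path, None))
    return findings

# Constructed sample data: reviewed scripts versus what is deployed now.
REVIEWED = {
    "/js/checkout.js": 'fetch("https://pay.example/charge", {method: "POST"});\n',
    "/js/cart.js": "function total(items) { return items.length; }\n",
}
DEPLOYED = {
    "/js/checkout.js": REVIEWED["/js/checkout.js"]
    + 'var dest = "https://stats-collector.invalid/c";\n',
    "/js/cart.js": REVIEWED["/js/cart.js"],
    "/js/promo.js": "console.log('sale');\n",
}

if __name__ == "__main__":
    for kind, path, host in audit(make_baseline(REVIEWED), DEPLOYED):
        print(kind, path, host or "")
```

In practice the baseline would be stored after each approved release and the current contents read from the web root or fetched from the live site on a schedule.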

For additional information, please refer to the following websites:



            Please contact PMAJ ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru e-mail or on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.