Hackers may target upcoming e-commerce festive sales: Norton

Hackers may target upcoming e-commerce festive sales: Norton
Photo Credit: Thinkstock
28 Sep, 2018

Norton, cybersecurity firm Symantec’s anti-virus unit, has warned Indian online shoppers to be on guard against hackers with local e-commerce sites set to kick off their annual festive sales in the coming weeks.

In a statement, the firm said hackers have been targeting e-commerce sites by gaining access to to payment gateways. British Airways and Ticketmaster were targeted in this manner recently.

Norton said that a particular kind of cyberattack called "formjacking" has spiked over the past couple of months.

In formjacking, a malicious JavaScript is used to steal credit card details and other information from payment forms on the checkout web pages of e-commerce sites.

When a customer of an e-commerce site clicks “submit” or its equivalent after entering their details into a website’s payment form, malicious JavaScript code that has been injected there by the cybercriminals collects all entered information, such as payment card details and the user’s name and address.

Cybercriminals send this information to their servers, which can then be used for payment card fraud or to sell these details to other criminals on the internet.

While this is not a new technique, Norton said that such incidents have been on the rise in recent weeks and they have also become increasingly sophisticated.

According to Symantec telemetry, it has blocked 248,000 attempts at formjacking globally since August 13. However, more than one-third of those blocks (36%) occurred in just one week —from September 13 to 20—indicating that this activity was increasing.

Norton said consumers must follow the usual best practices like strong and unique passwords, different passwords for different websites, using a password manager app, not opening unknown attachments and using a strong Wi-Fi password at home.