‘Formjacking’ hits online shoppers
Shoppers are being urged to beware of a new threat - formjacking - in Australia's $24 billion online shopping market.
Formjacking is virtual ATM skimming - the digital equivalent of attaching a device to an ATM to steal bank card details.
Cybercrime forensic specialist Duane Mandel Sr, who runs the Sydney security firm Cyberlutions, said many victims cared too little about privacy.
"They put in their details and, all of a sudden, they find out their details have been jacked because they've been onto an e-commerce site, then they start to jump up and down," he said.
"You know we're all human beings - we don't really do something until it's too late."
Formjacking incidents have jumped, with almost 5000 websites hit every month, says security firm Symantec.
Perpetrators target e-commerce sites and, after compromising one, steal payment card data as it is entered. They then defraud the victim directly or sell the details on the dark web for as little as $45.
Mr Mandel said formjacking threats could be blocked by anti-malware solutions.
"Malwarebytes and Bitdefender are two I probably always push towards a client, the reason being you can use them on Androids, because a lot of people aren't using computers," he said.
"They're using their phones. Your Android phone is like a computer. It can be infected."
Mr Mandel warned against treating a phone as an extension of your body. "You're actually walking around with a mobile computer," he said.
If you fall prey to formjacking, first contact the Australian Cybercrime Online Reporting Network (ACORN) but note that entering the incident might take three hours.
Privacy advocate Paul Bischoff said you could minimise the threat of having your data skimmed illegally by simply avoiding forms.
Shop on websites where your payment information is already stored, which saves you entering it into a form at checkout. Mr Bischoff said people buying through a website that did not have their information stored could use a payment method that removed the need to enter credit card details, such as PayPal.
Security engineer Jamie Cambell said people should stick to websites and forms that used HTTPS (Hypertext Transfer Protocol Secure) for safe network communication.
"This is indicated by your browser either showing a lock icon or some green lettering," Mr Cambell said. The details in your browser's web address field should start with https:// and not http://, he said.
Script and ad-blocking browser extensions including uBlock Origin, NoScript and Ghostery could also be used to "make the web cleaner, faster and safer", Mr Cambell said.
• Protect all your web-connected devices.
• Ensure your laptop, tablet and smartphone all use anti-malware software.
• Beware of small, shonky e-commerce sites.
• Stay vigilant.
• Monitor your bank statements regularly.