A NEW cybersecurity threat is on the rise, and there is very little that we as consumers can do about it.
This is one of the issues highlighted in the 2019 Internet Security Threat Report Vol 24 by Symantec during a media briefing recently.
According to Symantec Asia Pacific & Japan Sales Engineering & Service Provider sales vice president Sherif El-Nabawi and chief cybersecurity architect David Rajoo, that new threat is formjacking.
Formjacking, as the name implies, is the technique of capturing users’ information from websites such as online retailers, through online forms filled up by their users. This is done through a Javascript-code injection.
When cybercriminals hack a site and take over the site’s form page, they collect the users’ information through the malicious form and forward it to the virus authors. This stolen information can then be used to facilitate identity theft, bank fraud, and other criminal activities.
Formjacking’s popularity is on the rise because it is easy for cybercriminals. The information they gather is submitted voluntarily by users who mistakenly believe the form is legitimate, and that their data is secured.
According to the Symantec report, on average, more than 4,800 unique websites are compromised with formjacking codes every month.
The cybersecurity company blocked more than 3.7 million formjacking attacks at endpoints (users’ side) in 2018.
As cybercriminals focus on bigger payouts, there is not much consumers can do, apart from the usual best practices.
These include changing default passwords on devices, updating software, backing up files, and always being careful online.
Consumers should also keep a close eye on their banking activities, and immediately report any unusual ones. Having mobile banking apps helps in this case.
An added measure is to install an endpoint security solution that can detect these Javascript-code injections.
Meanwhile, another cause for concern is consumer privacy, thanks in part to smartphones becoming the greatest spying device ever created.
It is a camera, a listening device, and a location tracker, all wrapped in one single device that users willingly carry around and divulge information to.
According to the Symantec report, 45% of the most popular Android apps and 25% of the most popular iOS apps request location tracking.
Additionally, 46% of popular Android apps and 24% of popular iOS apps request permission to access your device’s camera.
This does not include email addresses shared with 44% of the top Android apps and 48% of the most popular iOS apps.
Digital tools that gather cellphone data for tracking children, friends, or lost phones are also on the rise, and clearing the way for bad agents to track others without consent.
More than 200 apps and services offer stalkers a variety of capabilities, including basic location tracking, text harvesting, and even secret video recording.
What we, as consumers, can do is be more vigilant about the apps we install on our phones and the permissions we grant them.
For example, a clothing and accessories app, even from a well-known brand, does not need access to your camera, contacts, location, and other features on your phone just to show you its latest offerings every day or to display your membership barcode for scanning during purchase.
So think before you install and permit.
