Remember when ATM skimming devices skyrocketed in popularity among thieves? There’s a newly popular online equivalent, beloved by cyber attackers.

Formjacking involves placing a snippet of JavaScript code onto a webpage where consumers are expected to enter debt card numbers. Once a consumer enters numbers, the numbers are immediately siphoned off by this ‘skimming’ system. After millions of people use an infected site, hackers are flush with stolen financial data. It’s more lucrative than cryptomining or ransomware.

Information security news site DarkReading reports that formjacking software allowed Magecart, a cyber hacking group, to infiltrate more than 800 e-commerce sites.

A common means of accessing a site involves entry by way of third-party program. For example, in the attack directed towards Ticketmaster, hackers infiltrated the company’s chat-bot in order to break into the larger system. Hackers were able to obtain payment details belonging to 40,000 customers.

The amount of money accessible through formjacking attacks is both astonishing and distressing. In a high profile formjacking attack that targeted British Airways, bad actors were able to tap into more than $16 million.

Once the credit card numbers are in a hacker’s hands, the hacker may decide to sell the numbers on the dark web. Single credit cards go for about $45.00 each, and have untold sums on them waiting to be exploited.

Roughly 4,800 sites are affected by formjacking software per month. As a consumer, determining whether or not a site has been compromised by formjacking is a nearly impossible task. Businesses can assess their sites by utilizing off-the-shelf comprehensive software solutions.

Get the full story at Computer Business Review.