Formjacking is an increasingly popular tool in the ever-escalating war for your data. It is the digital equivalent of card skimming: Where a skimming device captures your card data when you swipe it at a gas pump or ATM, formjacking code captures it the moment you submit an order entry form on an infected website.

As a consumer there is nothing you can do to prevent it (short of making all your purchases offline). It is not your device that is infected with the code, it is the website. Even well-established, well-regarded online retailers are vulnerable, if cybercriminals are able to infect less-protected third-party software down their supply chain.

Symantec reports almost 4 million formjacking attack attempts in 2018, with an average of about 4,800 sites successfully infected monthly.. The cyber security community can protect against these attacks, but as always systematic and comprehensive vigilance is the key.

As a consumer you won’t know you’ve been formjacked until your data is used. So, this is another good reason to monitor your financial statements and credit reports carefully. You should institute a credit freeze the moment you suspect a problem—and strongly consider doing it now.