Prevent PII Harvesting with PerimeterX

What Is Personally Identifiable Information (PII) Harvesting?

PII harvesting is a type of attack in which criminals manipulate the forms within your web pages to collect the personally identifiable information that users submit, typically on a login or checkout page. PII may include social security numbers, usernames, passwords, PINs and addresses. After collection, this data is used by the criminal or resold on the dark web. The list of companies that have fallen prey to a PII harvesting attack (sometimes called formjacking) includes some well-known brands such as British Airways. Digital skimming attacks like Magecart also harvest and steal PII, but they primarily target credit card data.

An Easy Way to Steal User Data

To gain access to PII, attackers exploit security vulnerabilities in JavaScript and other third-party code components used to build websites and web applications. The vast majority of developers use code components to improve performance or add new capabilities faster, and up to 70% of the code on websites consists of scripts from third parties. Security flaws in client-side code give attackers a new way in, and it is relatively easy to inject malicious code into third-party components, particularly where a vulnerability in a widely used component is broadly known.

Attacks Go Unseen

Client-side attacks on front-end code can be hard to spot, and the behavior changes on the pages are often small and selective. In fact, only 11 percent of website decision-makers believe they have complete insight into the third-party scripts on their website. Attackers can breach a site’s client-side code and hijack users’ PII, but it could be months before anyone is aware of the breach.

Take Control of the Client-Side

Client-side data theft is on the rise, and protecting your web and mobile applications requires visibility into the scripts running on the client side. By detecting and tracking suspicious scripts, as well as new scripts and changes in the behavior of existing ones, you can block attackers from accessing your users’ data.

PerimeterX Code Defender Prevents Client-side Attacks

PerimeterX Code Defender protects your digital business from client-side attacks that steal your users’ sensitive data. It monitors third-party script activities in real time, detecting and tracking suspicious activity and changes. Unwanted scripts are blocked from accessing your web and mobile applications.

By using behavioral analysis, machine learning and data analysis, Code Defender actively collects key metrics on anomalous behavior so your application security is continually strengthened.

© PerimeterX, Inc. All rights reserved.