What is Personally Identifiable Information (PII) Harvesting?
PII harvesting is a type of attack in which criminals manipulate the forms within your web pages to collect the personally identifiable information that users submit, typically on a login or checkout page. PII may include social security numbers, usernames, passwords, PIN numbers and addresses. After collection, this data is used by the criminal or resold on the dark web. The list of companies that have fallen prey to a PII harvesting attack - sometimes called formjacking - includes some well-known brands such as British Airways. Digital skimming attacks like Magecart also harvest and steal PII data, but they primarily target credit card data.
An Easy Way to Steal User Data
To gain access to PII, attackers exploit security vulnerabilities in JavaScript and other third-party code components used to build websites and web applications. The vast majority of developers use code components to improve performance or add new capabilities faster, and up to 70% of the code on websites is made up of scripts from third parties. Security flaws in client-side code give attackers a new way in, and it’s relatively easy to inject malicious code into third-party components, particularly where a vulnerability in a widely used component is broadly known.
Attacks Go Unseen
Client-side attacks on front-end code can be hard to spot, and the behavior changes on the affected pages are often small and selective. In fact, only 11 percent of website decision-makers believe they have complete insight into the third-party scripts on their website. Attackers can breach a site’s client-side code and hijack users’ PII data, and it could be months before anyone is aware of the breach.
Take Control of the Client-side
Client-side data theft is on the rise, and protecting your web and mobile applications requires visibility into the scripts running on the client side. By detecting and tracking suspicious scripts, as well as new scripts and changes in the behavior of existing ones, you can block attackers from accessing your users’ data.
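The visibility described in the last two sections can start with a simple inventory check that a site can run in its own pages: list every script by origin, flag any origin that is not on the site's allowlist, and confirm that forms which collect PII still submit to a first-party endpoint. The example below is added here as an illustration and is not code from the original page or from any vendor's product; the page origin, the allowlist, the sample scripts and the sample forms are all constructed, and the reporting callback is a placeholder for whatever your monitoring pipeline expects.

```javascript
// Added example: a defender-side inventory of scripts and form targets on a page.
// All origins and sample nodes below are constructed for illustration.

// Constructed allowlist: the first-party origin plus the CDN the site is known to use.
const PAGE_ORIGIN = 'https://shop.example.test';
const EXPECTED_ORIGINS = new Set([PAGE_ORIGIN, 'https://cdn.example.test']);

// Resolve a script src or form action to its origin; relative URLs resolve to the page itself.
function resolveOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin;
  } catch (e) {
    return null; // unparsable value: treated as unexpected by the callers below
  }
}

// Classify each <script> by origin. Inline scripts carry no src and are listed
// separately so they can be compared against a known baseline by a reviewer.
function auditScripts(scripts, pageOrigin, expectedOrigins) {
  const result = { allowed: [], unexpected: [], inline: [] };
  for (const s of scripts) {
    if (!s.src) {
      result.inline.push(s.text ? s.text.slice(0, 60) : '');
      continue;
    }
    const origin = resolveOrigin(s.src, pageOrigin);
    (origin && expectedOrigins.has(origin) ? result.allowed : result.unexpected).push(s.src);
  }
  return result;
}

// Forms that collect PII should only submit to expected origins; a changed
// action attribute is one of the simplest observable signs of form tampering.
function auditForms(forms, pageOrigin, expectedOrigins) {
  return forms
    .filter(f => {
      const origin = resolveOrigin(f.action || '', pageOrigin);
      return !(origin && expectedOrigins.has(origin));
    })
    .map(f => ({ id: f.id, action: f.action }));
}

// Browser hook: re-run both audits whenever scripts or forms are added or their
// src/action attributes change. Returns null outside a browser so the pure
// functions above remain usable in a plain Node process.
function installWatcher(report) {
  if (typeof document === 'undefined' || typeof MutationObserver === 'undefined') return null;
  const run = () => {
    const scripts = [...document.scripts].map(s => ({ src: s.getAttribute('src'), text: s.textContent }));
    const forms = [...document.forms].map(f => ({ id: f.id, action: f.getAttribute('action') }));
    const s = auditScripts(scripts, location.origin, EXPECTED_ORIGINS);
    const f = auditForms(forms, location.origin, EXPECTED_ORIGINS);
    if (s.unexpected.length || f.length) report({ unexpectedScripts: s.unexpected, tamperedForms: f });
  };
  const obs = new MutationObserver(run);
  obs.observe(document.documentElement, {
    childList: true, subtree: true, attributes: true, attributeFilter: ['src', 'action'],
  });
  run();
  return obs;
}

// Constructed snapshot of a checkout page, standing in for document.scripts / document.forms.
const SAMPLE_SCRIPTS = [
  { src: '/static/checkout.js', text: '' },
  { src: 'https://cdn.example.test/ui.js', text: '' },
  { src: 'https://static.unknown-analytics.test/t.js', text: '' }, // origin not on the allowlist
  { src: null, text: 'window.dataLayer = window.dataLayer || [];' },
];
const SAMPLE_FORMS = [
  { id: 'checkout', action: '/api/checkout' },
  { id: 'login', action: 'https://collector.unknown-host.test/submit' }, // action no longer first-party
];

function runSampleAudit() {
  return {
    scripts: auditScripts(SAMPLE_SCRIPTS, PAGE_ORIGIN, EXPECTED_ORIGINS),
    forms: auditForms(SAMPLE_FORMS, PAGE_ORIGIN, EXPECTED_ORIGINS),
  };
}

if (typeof document === 'undefined') {
  console.log(JSON.stringify(runSampleAudit(), null, 2));
} else {
  installWatcher(findings => console.warn('client-side audit', findings));
}
```

Run under Node, the sample audit reports one unexpected script origin, one inline script for baseline review, and one form whose action points away from the first-party origin. In a browser the same functions run from a MutationObserver, so a script or form that is injected or altered after page load is reported as soon as it appears. The allowlist approach is deliberately coarse: it does not inspect what an allowed script does, so it complements rather than replaces a Content Security Policy and subresource integrity on the scripts you do expect.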