What Is Personally Identifiable Information (PII) Harvesting?
PII harvesting is a type of attack in which criminals manipulate the forms within your web pages to collect the personally identifiable information that users submit, typically on a login or checkout page. PII may include social security numbers, usernames, passwords, pin numbers and addresses. After collection, this data is used by the criminal or resold on the dark web. The list of companies who have fallen prey to a PII harvesting attack - sometimes called formjacking - includes some well-known brands such as British Airways. Digital skimming attacks like Magecart also harvest and steal PII data, but they primarily target credit card data.
An Easy Way to Steal User Data
Attacks Go Unseen
Client-side attacks on front-end code can be hard to spot and the behavior changes on the pages are often small and selective. In fact, only 11 percent of website decision-makers believe they have complete insight into the third-party scripts on their website. Attackers can breach a site’s client-side code and hijack the users’ PII data, but it could be months before anyone is aware of the breach.
Take Control of the Client-Side
Client-side data theft is on the rise, but being able to protect your web and mobile applications requires visibility into the scripts running on the client-side. By being able to detect and track suspicious scripts, as well as new scripts and changes in the behavior of existing ones, you can block attackers from accessing your users’ data.