In an increasingly wired and interconnected world, you may be tempted to access your online banking from public Wi-Fi, accept files from people you know only through social-media connections, try out numerous freeware smartphone apps and assume that password protection offers sufficient security for your wireless home network. In the real world of online crooks, scams and fraud, however, these practices can make you a sitting duck for keystroke logger scams.
How Keylogging Works
Keystroke loggers act as data recorders that compile a record of every keystroke you type on your computer. They can be used to obtain illicit access to usernames, passwords, social security numbers and other personally identifiable information, financial data, proprietary technical or business secrets, and formal or casual communications between individuals who use chat or text methods. Some keyloggers run as software programs in the background of your regular computer operations. Others hook directly into your operating system and take over the functions of keystroke interpretation. Finally, some run from hardware devices plugged into your computer. These virtual or physical pieces of malware can store captured data for physical retrieval or transmit it through your Internet connection to a remote location.
A scammer with physical access to your desktop computer can attach a device that contains a keylogging payload to one of the ports on your system. Designed to look like a dongle, plug or cable, these gadgets work most effectively when they attach to the back of your computer, minimizing the likelihood that you recognize their presence. The size and shape of a laptop computer reduce the chances of a keylogger attachment escaping your view, but a keylogger delivered through a USB flash drive could still go unnoticed. One of these devices plugged into a public computer, meanwhile, can escape the attention of everyone who uses the unfamiliar system. Avoid flash drives of unknown origin and remain alert to changes in your computer's configuration. At the same time, restrict your use of public Wi-Fi to activities that don't disclose your personal and financial information.
Phishing email scams often include either an attachment that the message encourages you to open by clicking on it or a link to a site you're encouraged to visit. These messages and their directly attached or indirectly acquired malware payloads can serve as an effective means of introducing software-based keyloggers onto your computer. If you've educated yourself about phishing scams and carefully resist the temptation to click on attachments in suspicious messages or those from unknown senders, you can limit your vulnerability to keyloggers. Maintaining an up-to-date anti-malware program as well can halt an attack that comes from a dubious file or website destination.
Smartphones can act as pocket computers, providing unparalleled mobile access to your personal data and files as well as online destinations. Their power, flexibility and mobility also make them ideal targets for phishing scams that can install malware. Free apps can consist entirely of keylogging routines: you install a product only to find that it lacks any business or entertainment value, and your phone becomes infected in the process. Some freeware products incorporate keyloggers into routines that offer some actual value -- entertainment or otherwise -- but that also record the websites you visit or other aspects of your online behavior, reporting these details to a company that sells consumer-behavior information.