According to experts, keystroke loggers pose more risk to PC users than any other tool used for committing cybercrime. Also known as keyloggers, they are small programs or hardware devices that monitor each keystroke you type on a specific computer's keyboard, including typos, backspacing and retyping.
Recording your every move on the Web
Although keyloggers are promoted for benign purposes like allowing parents to monitor their children's whereabouts on the Internet, they can be used to spy on anyone. They are used by cybercriminals to covertly watch and record everything you type on your PC in order to harvest your log-in names, passwords, and other sensitive information, and send it on to the hackers. This may include any passwords you have asked your computer to remember for you to speed up logging in, as these are held as cookies on your machine.
Unfortunately for consumers, keyloggers are becoming very sophisticated. Once on a PC, they can track websites visited by the user and only log the keystrokes entered on the websites that are of particular interest to the cybercriminal; for example online banking websites.
Therefore, keyloggers are an increasingly popular tool among identity thieves and most financial cybercrime is committed using them, as these programs are the most comprehensive and reliable tool for tracking electronic information. One security company detected just 275 keyloggers in 2001, while the number had reached 6,200 in 2005. Another security company recorded more than a 500 percent increase between January 2003 and July 2006.
Identity theft in all its various guises is one of the fastest growing crimes, with keylogging Trojan software often forming the weapon of choice for would-be fraudsters. According to figures from American consumer watchdog the Federal Trade Commission, almost ten million Americans discovered they were the victims of identity theft during 2003, with total losses approaching $50 billion. The research shows that the number of victims has risen by 50 percent since 2003 and the financial loss per consumer has more than doubled from $1,408 in 2005 to $3,257 in 2006.
In 2007, keylogging software found its way onto hundreds of PCs belonging to account holders at the large Swedish bank Nordea. In the biggest heist of customer accounts on record more than $1 million was stolen. Also in 2007, the users of an American retirement savings and investment plan for federal employees were targeted by keyloggers, with cybercriminals taking off with about $35,000 from two dozen user accounts.
In 2005, a businessman from Florida filed a lawsuit against the Bank of America after unknown hackers stole $90,000 from his account and transferred the money to Latvia. An investigation showed that his computer was infected with a malicious program that recorded every keystroke and this was how the hackers got hold of his user name and password. The court did not rule in favor of the plaintiff, saying that he had neglected to take basic precautions when managing his bank account on the Internet: a signature for the malicious code that was found on his system had been added to nearly all antivirus product databases back in 2003.
Your PC can become infected with keyloggers in various ways. They can be inadvertently downloaded from an infected Web site, email attachment, or by clicking on links. Often cyberthieves are using Trojan-horse software to load keylogging software onto unsuspecting victims' computers.
Recommended methods to protect against keyloggers include keeping all your programs up-to-date – antivirus and firewall software as well as Windows, Office and other applications – recognising phishing emails, and avoiding the temptation of clicking links in email that point to potentially dodgy sites hosting malware.