Imagine a stranger standing over your shoulder watching you log in to your online bank account. This scenario plays out in the virtual world as cyber criminals virtually monitor keystrokes as you type on your computer keyboard. The monitoring occurs via applications called keyloggers. Clever criminals devise multiple methods to steal your information, though keylogging applications operate using similar principles.
Keyloggers are like matches -- they have constructive uses, such as starting a fire for cooking, but they are also useful for criminal use, such as burning down a building. Keyloggers are legal. Companies use them to monitor the activity of staff using their computers; parents use them to insure that their children do not surf to inappropriate websites and they also operate as backup devices. For instance, if you have a keylogger running while typing an important letter, the keylogger saves what you typed even if your computer crashes before you can save your file.
You can find two types of keyloggers, physical and virtual. A hardware keylogger is a physical device that resides somewhere on the computer. It might be a card that you insert inside the computer or a tiny USB device that you can insert into a free USB port. Software keyloggers, on the other hand, are applications you must install on a computer. Unless cyber criminals have physical access to a victim's computer, the criminals must find a way to get the victim to unwittingly install this type of keylogger.
Keyloggers and Trojans
Criminals often use malware programs called Trojans to install other types of malicious applications on someone else's computer. A Trojan masquerades as a normal utility or other useful program that you download from a website. If you install a Trojan that contains a hidden keylogger, it can monitor your keystrokes and transmit everything you type to cyber criminals. Some keyloggers also have the ability to take screenshots of activity that occurs on your screen. Because Trojans pretend to be safe programs, don't install software unless it's from a source you trust.
Email and Website Threats
Your email inbox is also a target for cyber criminals hoping to obtain your private information. Cyber criminals have successfully stolen millions of dollars using keyloggers embedded in email attachments. Opening an email attachment that contains a keylogger allows the software to install on your computer, so the keylogger captures information as you type. If you then type your username and password into your bank's login page, you provide access to the cyber criminals who receive your keystrokes. Scan your email program attachments for malicious software, open only those attachments that you are expecting or that come from a sender you know.
Not all keyloggers transmit information over the Web. For instance, a parent with access to a child's computer with a keylogger on it retrieves keystroke information by simply logging in to the computer and reading a data file. Some keyloggers enable you to transmit recorded keystroke information short distances using Bluetooth. Installing a security program that detects keyloggers protects you should you inadvertently install a keylogger malware. The software detects and deletes the program. Other software automatically scrambles your keystrokes, providing further protection.
- Pixland/Pixland/Getty Images