Your Computer's Stealth Identity Thief
July 18, 2005 -- Next time you're online, it might be worthwhile to consider the dangers of aimless surfing. Every time you visit a Web site or open an attachment in your e-mail, you could be downloading a spy into your computer.
The "spy" is known as a keylogger -- an invisible software program that identity thieves can use to track your online activity. And even if you're careful, it's probably impossible to detect if a keylogger is recording information like your credit card number or bank account password.
"You won't know it's there, you won't see your machine slow down, you won't see anything unusual," said Vincent Weafer, director of security with the digital security firm Symantec. "It can just silently watch every keystroke you type in… as if they're standing over your shoulder.
At least a third of online crimes can now be traced to keylogging. Part of the reason for this is that the programs are legal to obtain and the crime is relatively easy to commit. Typing "keylogger" into a simple Internet search engine returns multiple programs that are perfectly legal to buy and install.
Many parents use keylogging technology to check up on the Web sites children are visiting, and some businesses use it to monitor employee activity. But in the hands of a hacker looking to steal your financial information, keyloggers are very dangerous.
And as more Americans turn home computers into personal banking and bill-paying centers, the chances for identity theft grow by the day.
"It is a problem that is growing exponentially, and it's growing exponentially because more and more people are keeping larger and larger amounts of data on their computers," said Joseph DeMarco, an assistant U.S. attorney in the computer crimes division.
Passing Your Information Around
Attackers who use keylogging operate much the same as other identity thieves. They often sell the information to third parties who will use whatever account or personal information they can get to run up credit card purchases or funnel money out of bank accounts.
Hackers who use keylogging to get into one computer at a company or business have the ability to spread throughout the entire organization, often stealing vital information from the company's customers. These types of breaches are often undetectable until customers begin complaining about fraudulent charges
And the problem is growing. Computer security experts say the number of keylogging crimes is doubling every year.
But there are ways to protect yourself. Experts say the most basic safety rule is to carefully monitor what is downloaded onto your computer and which sites your are visiting. Brand name sites of major banks and retailers are usually relatively safe, they say. But responding to spam e-mails or downloading free software from unfamiliar sites leave you open to potential hacking.
The following are other tips to help protect yourself against key logging, spyware and other computer viruses:
Do not click OK on pop-up windows without first reading them thoroughly.
Never open spam e-mail.
You should pay for software instead of opting for the free, advertising supported version, which often contains spyware.
Never click on links in e-mail you receive from an unknown source. Type the URL into your Web browser.
Do not open e-mail attachments from an unknown source.
Use a firewall to help prevent any unauthorized computer activity.
Run a weekly, full system anti-virus computer scan.
ABC News' Betsy Stark filed this report for "World News Tonight."