Keystroke logging is a system of "recording" a series of keystrokes and then "playing back" the recording to replicate the actions of the user.
It is used by fraudsters to access information about internet users, such as passwords, credit card and banking information, personal details, and more, to use in identity theft and other malicious deeds.
Keystroke logging can take place via software or hardware installations.
Key logging software makes a copy of all your keystrokes and saves the details to a file on your hard drive. Key logging software can be installed by the attacker in a number of ways. It can be hidden in an e-mail attachment you received, in downloaded software, and in malware. Key logging hardware can be installed by the attacker when working on your computer by simply plugging a memory stick or other physical device into your computer. Hardware and USB key loggers are physical equivalents that work by intercepting the communication between your keyboard and your terminal. The keypresses are typically either stored offline until the attacker can retrieve them or sent digitally over the internet to the attacker’s server.
How to prevent Keystroke Logging
- Ensure that you have effective access control to your computer and associated work environment
- Be alert to changes in your computer hardware – hardware key loggers can look similar to common computer equipment, so check your personal computer regularly
- Ensure that the computers on your network have the latest security patches
- Do not download attachments from unknown sources
- Do not open attachments that have unrecognised file extensions
- Limit administrative access to authorised users only
- Ensure individual login accounts for each Business Online operator
- Ensure passwords are sufficiently complex and changed regularly
- Monitor access to servers and internal networks
- Implement audit logs to promote accountability