A+ A A-

Consumers Are Warned to Be Wary of Keyloggers to Prevent Identity Theft Over the Holidays and Beyond

Recent Studies Suggest Most Consumers Are Not Protected From This Malware

Walnut Creek, CA December 11, 2013 - The Identity Theft Council is warning consumers and businesses to be aware of the menace of keyloggers, over the Christmas holidays and beyond. In the aftermath of the recent discovery of more than 2 million stolen passwords on a hacker server, the prime suspect in the incident was initially a keylogger.

A keylogger is a piece of malware designed to capture things like bank and email passwords as you type them. In the same week that global media were discussing the discovery of the 2 million hacked passwords, a San Francisco-based security firm announced that when they tested 44 of the most popular antivirus programs on the market, for two full weeks, only one was able to detect the existence of a keylogger.

"I think what most in the media missed in the hacked passwords story is how little consumers and small businesses actually know about the danger of keyloggers", said Neal O'Farrell, founder of the Identity Theft Council and one of the world's most experienced personal security experts. "If the research is right, consumers who simply rely on antivirus software to protect against keyloggers could be extremely vulnerable."

Keyloggers are most often used to steal logins and passwords, but they can also capture screenshots of what's on a user's computer, screenshots of the websites visited and folders opened, and even searches. There are also hardware keyloggers, designed to look like a plug or connector you'd expect to find at the back of a computer or even a cash register. One such keylogger was recently found plugged into a cash register at a Nordstrom store.

Using a touch-screen may not help you avoid keyloggers. It's still a keyboard sending signals that can be intercepted, and good keyloggers will record your screen activity anyway. And if you use public computers, like at a library, you could be especially vulnerable. Library computers are a very popular watering hole for keyloggers because they generally have many different users, public access, poor security, and little supervision.

"Keyloggers can easily be used to commit identity theft, steal personal information, and break into bank accounts," said Mr. O'Farrell "And they don't usually have to worry about being caught - until it's too late."

So what's the key to avoiding keyloggers? It's all about good security habits:

Use anti-keylogger software, like Key Scrambler (free). These products won't protect you against every type of keylogger but are a good defense against the more common software based. Some work by instantly encrypting or scrambling all your keystrokes so that they're unusable to hackers.

Use a safe surfing tool or plugin, like McAfee Site Advisor or Web of Trust (WoT). As users become more wary of malware hidden in email attachments, hackers are turning to websites instead. Known as watering holes, hackers will find vulnerable websites, load them with keylogging malware, and simply lie in wait for visitors to those sites. Security firm SiteLock says it's finding as many as 5,000 small business web sites every single day already compromised with malware. Safe surfing tools will help alert you of suspicious or dangerous websites before you click on them.

Always have good antivirus software on every computer and device you use. Some of the best products are free, including for your smartphone and tablet. And scan often – at least once a week is recommended.

Change your passwords often and think about passphrases instead. Passphrases are explained in our blog at and are a much safer and simpler alternative to passwords.

Be careful what you download and install. Poor security habits and hygiene are a leading contributor to malware infections. Slow down, guard up, verify first, and only download if you're really sure and you really need to.

Be careful what you type and where. Avoiding accessing your bank account from a public area, like a coffee shop, is a simple way to avoid the threat of a nearby sniffer.

About the Identity Theft Council

The Identity Theft Council is an award-winning non-profit that provides free support to victims of identity theft, free training for law enforcement, and community outreach and education. The Council was the first non-profit to win the prestigious SC Magazine Editor's Choice Award, joining previous recipients like the NSA and SANS Institute. Partners in the Council include the Council of Better Business Bureaus, Independent Community Bankers of America, the Online Trust Alliance, and the Identity Theft Resource Center. The Council is based in Walnut Creek, California, America's first Cyber Secure City. For more information, please visit