Phishers are apparently increasingly turning to keyloggers (programs that record the keystrokes being entered into a computer into a text file) to do their foul deeds. Recently, security software company Websense have detected a sharp rise in the use of keyloggers, replacing or supplementing the established phishing practices of luring victims to malicious web sites and then tricking users into disclosing logins and usernames for banking sites and suchlike.
The keylogger programs are built specifically to capture login names and passwords for online bank accounts and to send them to the attackers, Websense Security Labs said. They typically exploit vulnerabilities in Microsoft's Internet Explorer browser program.
Each week in March and February, Websense uncovered as many as 10 new keylogger variants and more than 100 new Web sites set up to infect computers with them. That's up from November and December, when the company's researchers identified an average of one-to-two new variants and 10 to 15 Web sites per week.
Phishing attacks are getting more sophisticated, and we warn all readers to be very careful. Be especially suspicious about e-mails claiming to be from your bank, Paypal or some other financial body, especially if they ask for your username and password. Delete ALL mail that does not seem to be from someone you know and expect mail from. Hopefully one day all of this will stop, but don’t hold your breath right now.