SAN DIEGO COUNTY - An estimated 98 million Americans bank online, thanks to Web-based bill-paying, money transfers and other activities made possible by financial institutions and service providers. The convenience of completing these tasks at home helps simplify hectic schedules and provides customers with 24-hour account access.

Although financial institutions have security measures in place to protect their customers, cyber criminals have devised ways to circumvent some of these security devices. One tactic is to attack a bank customer’s computer with a technique called keystroke logging (or just key logging), which puts both the customer’s identity and finances at risk.

Internet security firm Webroot reports that cybercriminals are churning out new variants of malware programs designed to log keystrokes at an increasing rate. One such program is called Zbot, which can activate while the owner of an infected PC is browsing a financial institution’s Web site.

In recent months, Webroot’s Threat Research Lab has detected a steady increase in the incidents of Zbot. The program, and others like it, can not only record what a person types, such as the bank account username and password, but can also steal the responses to "security questions" the bank might ask.

Some versions of Zbot can take pictures of the screen whenever the bank customer clicks his mouse, which defeats even "soft" on-screen keyboards that some banks use specifically to thwart key loggers.

"Online banking sites are tempting and potentially very lucrative Advertisement

[ Berry-Bell and Hall Mortuary ] channels for cybercriminals to target a great mass of people," said Mike Kronenberg, chief technology officer for Webroot’s consumer security division. "We’re seeing malware authors rapidly update their banking Trojan programs in an effort to avoid detection by Internet security solutions. This means consumers need to stay on top of protecting themselves online."

Kronenberg recommends three key steps for protecting one’s personal finances and identity online:

Be Protected: Computer users should make sure they have a reputable antispyware and antivirus program installed on their computers. They should also be careful when doing searches for "free" antivirus software because the results are often decoys that have malicious programming built in to them.

Stay Protected: They should suppress the urge to hit the ignore button when they get those pesky reminders asking if they would like to check for updates. By having the most up-to-date software for both their operating system (like Windows or Linux) and their antispyware and antivirus program, they will get the highest level of security.

Diversity is key: No one would not use the same key for their car, office and their home. Although it may seem simplest to just use the same password for all one’s online accounts, it is perhaps the riskiest thing they can do to open themselves up to identity theft. If just one of their accounts is hacked it opens the door for the thief to gain access to all of them.