I recently renewed my Kaspersky anti-virus but got a cheaper version this year. Unfortunately, the new version doesn’t include the virtual keyboard that I found really useful when entering credit card and other sensitive information on websites.
I’ve heard viruses exist that track the keystrokes immediately following the victim’s click on website fields labeled “credit card number”. If this is true, can I purposely throw in a string of random numbers to throw any potential viruses off, then backspace and enter the real numbers since I no longer have a virtual keyboard installed?
I see there’s free online virtual keyboards - I’ll download one right after I post this, but my question still stands in case I order something of a friend’s computer without a VK.
I don’t know what os you are using, but Linux generally automatically includes a virtual keyboard under /utilities/accessibility ( kvkbd in KDE ); and googling shows Windows XP has one under Accessibility ( but it may need to be added from install/uninstall if I remember Windows rightly ), and I’d imagine the same goes for other Windows editions. So downloading one may not be needed.
At a guess keyloggers wouldn’t be viruses, but trojans. Again, it’s a long time since I used Windows.
If you’re on windows you could just type “osk” into the command line.
Though typing things into a virtual keyboard won’t necessarily protect you against keyloggers. It depends on how the keylogger has been designed, and how the programme you’re entering the keystrokes into works.
It’s a very good idea to use anti-virus software, a firewall, and keep your computer up to date with regular updates.
This sounds like a supremely bad idea to me. I’m pretty sure there are trojans out there capable of sniffing out credit card numbers stored on the hard disk. If you’re going to store them on the computer, a password keeper application (and one from a trusted source) that stores its data in strongly encrypted form would probably be better.
To answer this specific question, no, that wouldn’t throw them off. I’ve broken apart a few trojans, even ten years ago the more advanced ones would record the backspaces and shift/control presses and releases. They’d log something like f a k e <BACKSPACE> <BACKSPACE> <BACKSPACE> <BACKSPACE> m y p a s s w o r d.
Something that might fool some keyloggers is to enter part of a password followed by some garbage, use the mouse to highlight the garbage before pressing delete, then complete the password.
This is the height of paranoia. There are a thousand easier ways of stealing your credit card number than via a trojan and you’re protected from any loss anyway.
Yes and no. Yes, there are lots easier way to steal a cc number, mostly by hacking into a merchant’s computer system. And yes you’re protected from loss (and so is the merchant, although some merchants just don’t get this, I still get asked for picture ID sometimes when using a credit card in stores). But if someone does successfully get your card number and go wild, it can be a big headache to get your credit record cleaned up.
You don’t even have to hack into a system. You simply get underpaid clerks to harvest the numbers for you.
I have found two people in hotel accounting doing this. I also personally had my stuff taken from an H/R clerk who was doing the same with social security numbers. I probably wouldn’t have found out but the moron took my number when they HIRED ME.
You’re suppposed to take it from OLD applications YOU DON’T hire. Not new applications you DO hire — LOL
As another poster said, you ARE protected against theft with credit cards. Also make it a routine to call in your credit cards as stolen/lost once or twice a year. You will get a new credit card number and it isn’t going to cost you (This may not apply to a debit card, the bank may charge you for a debit card with a Visa or Mastercard Logo)
If you want to play around though instead of a virtual keyboard, you can use voice recognition. Vista comes with it and it’s pretty cool. I got a $5.00/microphone and you could just read the number.
If you want to be paranoid about that, you can do what I do - use a card which allows you to create virtual numbers. The feature never took off, and there’s only a couple such cards out there, but I use it for online purchases. A major point is that not only does the virtual number have a time limit and an optional credit limit, the credit card company will only honor it for a single payee - the first one to charge against it. I also give a disposable email address for online purchases, and the phone number of the city sanitation department. If I could figure out a convenient gimmick to take delivery without having to give them my street address, I’d do that, too.
I don’t worry much about my credit card, because it is protected and there are so many easier ways for them to get my card number.
I’m more concerned about accessing my bank or investment accounts online. I protect my computer carefully, but if for some reason I’m concerned, I’ll open two different browser windows and type in a key at a time in the banking login window, and in between each key, type in keys in the other browser windows.
But I don’t know whether that adds much safety. Are trojans or keyloggers smarter than that?