The messages may look quite authentic, featuring corporate logos and formats similar to the ones used for legitimate messages. Typically, they ask for verification of certain information, such as account numbers and passwords, allegedly for auditing purposes. And because these e-mails look so official, up to 20% of unsuspecting recipients may respond to them.

If the program recognizes that a person is on one of these sites, it does keystroke logging. Even though all financial sites use encryption built into the browser to protect login data, the Trojan horse program can capture the information before it gets encrypted by the browser software. This occurs because the browser does not encrypt data between a victim’s keyboard and computer -- encrypting commences only when the data goes out onto the Internet.

Spyware
Spyware is a generic term typically describing software that “sneaks” onto the system or performs other activities hidden to the user. Spyware is usually bundled as a hidden component in mislabeled freeware and shareware applications downloaded from the Internet. These modules are almost always installed on the system secretively, suggesting that spyware companies know how users feel about such software.

Spyware exists as an independent, executable program on your system, and has the capability to do anything any program can do, including monitor keystrokes, arbitrarily scan files on your hard drive, change your default homepage, interface with your default Web browser to determine what websites you are visiting, and monitor various aspect of your behavior, "phoning home" from time to time to report this information back to the spyware author.

Malware
Malware is typically used as a catchall term to refer to any software designed to cause damage to a single computer, server, or network, whether it's a virus, a Trojan Horse, spyware, etc.

Viruses are computer programs or scripts that attempt to spread from one file to another on a single computer and/or from one computer to another, using a variety of methods, without the knowledge and consent of the computer user. A worm is a specific type of virus that propagates itself across many computers, usually by creating copies of itself in each computer’s memory. The most common method used for spreading a virus is through e-mail attachment.

A Trojan Horse meets the definition of virus in the sense that it attempts to infiltrate a computer without the user’s knowledge or consent. A Trojan Horse, similar to its Greek mythological counterpart, often presents itself as one form while it is actually another. Trojans typically do one of two things: they either destroy or modify data the moment they launch, such as erase a hard drive, or they attempt to ferret out and steal passwords, credit card numbers, and other such confidential information.


Account Takeover:

Account takeover occurs when a fraudster obtains your personal information. Often they do not need your actual card number. Once the fraudster has your information, he or she will contact your credit card company and change the address on your account.

Next, the fraudster will call and report your card lost or stolen and request a new card replacement. The new card is then sent to the new billing address on the account. The fraudster has successfully taken over your account - hence the term "account takeover". This is currently the most popular type of credit card fraud. It doesn't require the technology of a counterfeit card, nor the waiting time of a fraudulent application.

Also, companies often link PIN numbers and other information to the new card automatically. The fraudster can access cash, and sometimes even have access to the checking account information that you provided to your credit card institution. Despite all the new security measures that many card companies have initiated, the occurence of account takeover frauds is on the rise.


Account Fraud:

The best phishin' hole around these days is the World Wide Web. A study by a leading research firm finds that checking account theft is the fastest-growing consumer fraud in the country -- and most of it occurs on the Web.
Based on a poll of 5,000 online U.S. adults, the Gartner study shows that some 1.98 million consumers have been victimized by checking-account fraud, resulting in $2.4 billion in losses.

Some 57 million U.S. Internet users have received fraudulent, phishing e-mails, according to Gartner, and about 1.7 million of them may have been tricked into divulging personal information. Roughly 76 percent of the attacks occurred since last October.

Most of the losses occur through "phishing" expeditions, in which counterfeit e-mails appearing to be from banks and other financial institutions are sent to millions of Internet users, asking the user to verify his or her account balance, Social Security number and other information.

The user clicks on a link in the e-mail and is taken to a site that, through the use of stolen logos and carefully copied color schemes, looks just like the real thing. The consumer provides the information requested and thereby gives the scam artists access to the consumer's checking account.

Others include the use of "spyware." These programs are installed sureptitiously on consumers' computers, often by clicking on a pop-up ad. Once installed, the program records key clicks, enabling crooks to learn the consumers' user IDs and passwords.


Trojan horses:

Trojan horse attacks pose one of the most serious threats to computer security. If you were referred here, you may have not only been attacked but may also be attacking others unknowingly. This page will teach you how to avoid falling prey to them, and how to repair the damage if you already did. According to legend, the Greeks won the Trojan war by hiding in a huge, hollow wooden horse to sneak into the fortified city of Troy. In today's computer world, a Trojan horse is defined as a "malicious, security-breaking program that is disguised as something benign". For example, you download what appears to be a movie or music file, but when you click on it, you unleash a dangerous program that erases your disk, sends your credit card numbers and passwords to a stranger, or lets that stranger hijack your computer to commit illegal denial of service attacks like those that have virtually crippled the DALnet IRC network for months on end.

Trojans are executable programs, which means that when you open the file, it will perform some action(s). In Windows, executable programs have file extensions like "exe", "vbs", "com", "bat", etc. Some actual trojan filenames include: "dmsetup.exe" and "LOVE-LETTER-FOR-YOU.TXT.vbs"

Trojans can be spread in the guise of literally anything people find desirable, such as a free game, movie, song, etc. Victims typically downloaded the trojan from a WWW or FTP archive, got it via peer-to-peer file exchange using IRC/instant messaging/Kazaa etc., or just carelessly opened some email attachment. Trojans usually do their damage silently. The first sign of trouble is often when others tell you that you are attacking them or trying to infect them!