Key Loggers - Tilted Forum Project Discussion Community

Redlemon · 03-08-2010, 06:05 AM

I found myself in an uncomfortable situation a couple of weeks ago... I had to enter my credit card number on a public internet terminal. Thinking about key loggers, I had an idea that might confuse them. Please tell me if I'm thinking clearly on this.

I typed in the first part of the credit card number, immediately followed by the last part. Then I used the mouse to drop into the middle of the number to enter the middle numbers.

I was thinking that the key logger, if present, would not be able to tell where I moused to, and would therefore see the numbers in the wrong order.

I'll be checking my next credit card statement carefully, but in the meantime, what do you guys think?

Lasereth · 03-08-2010, 06:11 AM

Sounds like a good idea to me. I don't think that keyloggers are smart enough to realize what you're doing.

Reese · 03-08-2010, 06:32 AM

I do that.

It'll help against a simple keylogger. Not to worry you any more than you already are but there are nastier things than keyloggers. It could be used in conjunction with screen capture software that basically starts recording what's on your screen when it sees you're on an encrypted page. It could also capture mouse movements and see what you highlight just in case you add extra characters to your password and highlight and remove them with the mouse.

Heck, If the computer is compromised, it could easily redirect your page requests and instead of sending you to your bank website it could send you to some identical looking fake site and you'd just send your info right to them.

I would follow Douglas Adam's advise. DON'T PANIC!

Plan9 · 03-08-2010, 07:57 AM

I've found the best way to prevent credit card fraud is to have a good credit rating and carefully review your statements each month.

Someone tried to use one of my cards while I was deployed and the credit card company locked in on that in a heartbeat. Good show.

"He can't possibly be trying to buy baby formula in Tulsa, Oklahoma... he's thousands of miles away in Afghanistan."

Hektore · 03-08-2010, 08:04 AM

Another option - my wife and I share a single credit card with $500 limit and it is used only for only purchases and never anywhere else. Our other cards are never used online, for any purpose. This way, worst case, only one of our cards are compromised and at a max of $500. It also makes it somewhat easier to find an out of place charge - although that hasn't happened yet.

Cynthetiq · 03-08-2010, 08:19 AM

I don't think it matters that much anymore.

My account has been compromised twice, in two different countries at two different times in Europe not while we were traveling to Europe. I've also had fraud detection suspend my account because I made purchases that I would not have normally made when I was traveling in California. They locked me out the last day a few hours before leaving.

These guys are much more nefarious than key loggers are concerned when it comes to credit cards. The waitress you hand your card to can do much more damage and you willingly hand it to her and she walks out of sight for 5-10 minutes.

Quote:

Originally Posted by Plan9

I've found the best way to prevent credit card fraud is to have a good credit rating and carefully review your statements each month.

Someone tried to use one of my cards while I was deployed and the credit card company locked in on that in a heartbeat. Good show.

"He can't possibly be trying to buy baby formula in Tulsa, Oklahoma... he's thousands of miles away in Afghanistan."

This is the only real deterrent. Now if you were using a debit card.... that's whole different ball of wax.

Plan9 · 03-08-2010, 08:53 AM

Debit cards are used for taking money out of an ATM. My feeling is that people should get a credit card and exercise an adult level of self control.

Xerxys · 03-08-2010, 03:26 PM

That was a good idea for a scammer red. I rationalize it like this, if they are stealing credit card numbers they are cheapos that skimped on the software. I have seen a monster keylogger that would log mouse movements in relation to the keyboard. Such as what you did and renaming files. Not only would it log mouse movements but it would also save complete submissions. For example, as I type this response I edit out the typos and whatnot, well, once I hit "Post quick reply" it will copy and paste the entire completed submission to a separate .txt file.

Also, another way of committing credit card fraud is guessing the numbers. If I have the first four and the last four of your numbers I can rearrange the succeeding numbers in between because I would know what institution your card is from. Once I have a list of 16 numbers all I have to do is go to a pay phone and dial 1800-sex-now and check it.

I know all this cause ...

03-08-2010, 06:05 AM	#1 (permalink)
Redlemon Devoted Donor Location: New England	Key Loggers I found myself in an uncomfortable situation a couple of weeks ago... I had to enter my credit card number on a public internet terminal. Thinking about key loggers, I had an idea that might confuse them. Please tell me if I'm thinking clearly on this. I typed in the first part of the credit card number, immediately followed by the last part. Then I used the mouse to drop into the middle of the number to enter the middle numbers. I was thinking that the key logger, if present, would not be able to tell where I moused to, and would therefore see the numbers in the wrong order. I'll be checking my next credit card statement carefully, but in the meantime, what do you guys think? __________________ I can't read your signature. Sorry.

03-08-2010, 06:11 AM	#2 (permalink)
Lasereth Knight of the Old Republic Location: Winston-Salem, NC	Sounds like a good idea to me. I don't think that keyloggers are smart enough to realize what you're doing. __________________ "A Darwinian attacks his theory, seeking to find flaws. An ID believer defends his theory, seeking to conceal flaws." -Roger Ebert

03-08-2010, 06:32 AM	#3 (permalink)
Reese Delicious	I do that. It'll help against a simple keylogger. Not to worry you any more than you already are but there are nastier things than keyloggers. It could be used in conjunction with screen capture software that basically starts recording what's on your screen when it sees you're on an encrypted page. It could also capture mouse movements and see what you highlight just in case you add extra characters to your password and highlight and remove them with the mouse. Heck, If the computer is compromised, it could easily redirect your page requests and instead of sending you to your bank website it could send you to some identical looking fake site and you'd just send your info right to them. I would follow Douglas Adam's advise. DON'T PANIC! __________________ “It is better to be rich and healthy than poor and sick” - Dave Barry

03-08-2010, 07:57 AM	#4 (permalink)
Plan9 I Confess a Shiver	I've found the best way to prevent credit card fraud is to have a good credit rating and carefully review your statements each month. Someone tried to use one of my cards while I was deployed and the credit card company locked in on that in a heartbeat. Good show. "He can't possibly be trying to buy baby formula in Tulsa, Oklahoma... he's thousands of miles away in Afghanistan." __________________ *Whatever you can carry.* "You should not drink... and bake."

03-08-2010, 08:04 AM	#5 (permalink)
Hektore Junkie Location: Greater Harrisburg Area	Another option - my wife and I share a single credit card with $500 limit and it is used only for only purchases and never anywhere else. Our other cards are never used online, for any purpose. This way, worst case, only one of our cards are compromised and at a max of $500. It also makes it somewhat easier to find an out of place charge - although that hasn't happened yet. __________________ The advantage law is the best law in rugby, because it lets you ignore all the others for the good of the game.

03-08-2010, 08:53 AM	#7 (permalink)
Plan9 I Confess a Shiver	Debit cards are used for taking money out of an ATM. My feeling is that people should get a credit card and exercise an adult level of self control. __________________ *Whatever you can carry.* "You should not drink... and bake."

03-08-2010, 03:26 PM	#8 (permalink)
Xerxys Junkie Location: My head.	That was a good idea for a scammer red. I rationalize it like this, if they are stealing credit card numbers they are cheapos that skimped on the software. I have seen a monster keylogger that would log mouse movements in relation to the keyboard. Such as what you did and renaming files. Not only would it log mouse movements but it would also save complete submissions. For example, as I type this response I edit out the typos and whatnot, well, once I hit "Post quick reply" it will copy and paste the entire completed submission to a separate .txt file. Also, another way of committing credit card fraud is guessing the numbers. If I have the first four and the last four of your numbers I can rearrange the succeeding numbers in between because I would know what institution your card is from. Once I have a list of 16 numbers all I have to do is go to a pay phone and dial 1800-sex-now and check it. I know all this cause ...