Logging in to a site: possible fraud

Since posting my question, I've answered it myself, having started to find out about keyboard-logging software. It's frightening. If this stuff is on my computer, then no personal financial sites are safe to visit and although I can change passwords, the new password can be immediately known.

Welcome to the big bad internet. You owe it to yourself to read up on all the commonest scams and frauds and learn the basic ways to protect yourself against some of them at least.

It is my understanding that the way these emails usually work is that they purport to be from your bank, and contain a link within the email for you to click on to 'log in' and confirm your details. The link takes you to a fraudulent site masquerading as your own bank's site, from which your login details are captured as you enter them.
Provided you have decent security software on your computer and haven't actually downloaded any malicious keyloggers, you should be fine providing you log in using your banks official website, and not via any email links.
Different story using internet cafes, which can be full of nasty stuff.
If you're still concerned, you can enter your login details using a 'virtual keyboard' such as Neo's SafeKeys.

Firstly, never click on any links within an email. ALWAYS go to your own bank's web page to do so.

Secondly, if your bank supports 2 factor authentication for logging in then request this service. Various forms of 2 factor authentications are in use such as an SMS of a single use code to your mobile number; an application on the smartphone that generates a passcode (or token) which is time-synch'd to your bank's passcode server, or a special hardware device that generates a passcode.

Some banks also provide, on the login screen, a virtual keyboard that randomises the position of the letters and numbers so that keyloggers can't read what you type.

Hopefully no harm done to your bank account but you should contact your bank by telephone anyway and change your password (or have them generate a new one), to be safe.

Good luck!

You have found a phising scam.

If a bank or other financial institution wants to contact you, they will do it by letter. They will not ask for your personal details in an email.

Check out the scambusters site to find out how people want to steal money from you.

http://www.scambusters.org/

.

OK if you clicked on a link in the email to go to your bank website, they have now got your login and password. Contact your bank and get it changed immediately. If you went through your browser and typed it or a saved link on your browser everything is ok. It sounds like you did the latter because you could see your account details and balance etc.

It has nothing to do with keylogging at all in this situation. Keyloggers are used to get details off machines at places like internet cafes. They can be installed by malicious software also, but its much harder to get the information off a computer in that instance than a cafe where the thieves just log on and copy the file :-)

The idea of the email is to get you to enter the details into a fake website. the fake website records the details and then they use it to log on and transfer money out etc. I know my bank doesn't allow transfers to other parties without mobile phone acknowledgement. They send a pin to my mobile i enter it to approve the new person/company i'm transferring money to.