A small business owner learns about a possible security hole in her internet browser. She does a search to find out more about it and lands on a site that explains the problem and offers a free download to fix it. Wary of downloading a file from an unfamiliar site, she leaves it and goes to a more credible site, finds the patch, downloads and installs it, and believes she’s protected.
Unfortunately, software running on the first site detected the vulnerability and installed a program that records and transmits back every keystroke she types. As she does some online banking, the program captures her login information, account number, answers to security questions, and other private information. Weeks later, she finds that both her personal and business bank accounts are cleaned out.