Have you ever heard of shoulder surfing in cyber security? It is another social engineering attack where scammers get your personal information. It is the simplest form of fraud. Anyone can quickly learn how to do it, and it can happen in most public places.
Shoulder surfing in cyber security is a form of data theft where criminals steal sensitive information by observing victims using devices such as computers, smartphones, and payment card ATMs. The term “shoulder surfing” refers to thieves peering over the shoulders of victims, waiting for them to inadvertently reveal passwords, PIN codes or any other type of confidential information as they enter it, which can result in identity theft or possible fraud.
Shoulder surfing attacks are common and tend to happen in public, either physically or electronically. Scammers still use the tactic of looking over a victim’s shoulder to steal confidential data. However, as technology has improved, numerous tricks have been added, allowing them to be more creative.
Especially crowded places
Shoulder surfers are experts at stealthy observation on buses, in cafes and restaurants, and anywhere that’s particularly crowded. They can also be keen listeners, tuning in when someone says an account number or other personal information aloud while on the phone. Public transport is also a scammer’s favourite hotspot: they will follow right behind you on any transport and easily see everything on your screen.
Shoulder surfing happens more often at ATMs. The scammer may stand next to you and see your PIN when you are typing it on the keypad. They will use different methods to scam you, such as:
“Skimmers” or “Shimmers”
These tiny devices attach to the top of an ATM or go inside the card reader and steal your account information when you use the machine.
Video cameras and recording devices
Some shoulder surfers might place tiny or hidden cameras around ATMs to directly observe your PIN keystrokes and card details.
Binoculars and high-powered listening devices
Other scammers might stay in their cars across the parking lot and use binoculars and listening devices to steal your information.
Using public Wi-Fi
You put your personal information in danger whenever you connect to public Wi-Fi. Scammers use unsecured public Wi-Fi networks to commit man-in-the-middle (MITM) attacks. With this shoulder surfing technique, they intercept the connection and steal data from you.
Do not say your password aloud in public
If you are asked to provide your payment password publicly, please don’t say it. Instead, write it on a piece of paper and ask the office staff to shred it when they are done, or ask them to provide information to you in a more private area. Either option can effectively protect you from shoulder surfing attacks. When someone asks for your password, please make sure it is completely necessary.
Protect your ATM PIN with social distancing
When using an ATM, ensure people are several feet away from you and keep your hand over the keypad when entering your PIN, so that it is not easily accessible or viewable by scammers.
Use a contactless payment method
Try to use contactless payment methods such as Apple Pay and Google Wallet, which let you pay at a growing number of checkouts without swiping your card or typing in a PIN.
Use privacy screens
It is easy for anyone who sits behind you or walks past to get a good view of your laptop or smartphone, so buying a cheap privacy screen protector helps you avoid becoming a shoulder surfing victim.