
What Is Shoulder Surfing And How To Prevent It?

Shoulder surfing is a criminal practice dating back to the age of pay phones, long before laptops or mobile phones were even conceived. From there, criminals moved on to observing victims at ATMs or while making payments in crowded places. Today, the simple act of using our smart devices in public can leave us vulnerable to an opportunistic attacker's shoulder-surfing tactics. This blog covers what shoulder surfing is and gives you tips to keep yourself safe from this seemingly primitive attack.

What is shoulder surfing? 

As the name suggests, shoulder surfing involves attackers stealing passwords, personal data, and other sensitive details by surreptitiously looking over a victim's shoulder. Shoulder surfers have also become more inventive, with methods ranging from analyzing finger motions at a distance to using binoculars or cameras. You stand the greatest chance of having your confidential information taken in crowded locations.

Examples of shoulder surfing

  • At an ATM: Even someone standing a few feet away from you in an ATM line can discreetly read your finger movements to work out your PIN.

  • At an airport: You may not notice it, but while you surf or shop online, someone observing you from behind or nearby may take note of your finger movements to glean your credentials. They may tail you to steal your critical data just by watching your screen.

  • At a crowded bar: While paying your bill with your card, you forget to hide your PIN. Someone sitting at the next table can take advantage of that.

  • On public transport: Using your smartphone on a packed bus can leak your private details to the person standing next to you, constantly eyeing your screen. Identity theft is an escalating issue in Canada, with 61.95 incidents per 100,000 people in 2021.

Five steps to prevent shoulder surfing

1. Pay attention to your surroundings 

The first step to keeping yourself safe from attack is to be aware of your surroundings. This is a grave concern because our smartphone addiction makes us oblivious to what's happening around us, which leaves us especially prone to shoulder surfing attacks.

The next time you need to type in a password or username on your device, ensure your back is against the wall so no one can peep from behind. Make sure you are alone at an ATM, and always put your hand over the digits while typing your PIN. Always check your surroundings before sharing private information on a call or on your device.

2. Do not use the same passwords for multiple accounts 

Password recycling is a widespread practice despite experts warning against it. 52% of people use the same password for more than one account. Even one leaked password can lay waste to all your accounts. If a password is compromised during a shoulder surfing attack, there's a high chance that the criminal will try that password on different websites and services. With the same password for everything, you'll lose multiple accounts.

The best option here is to use a password manager to generate complex passwords and store them for you securely. You won't have to remember multiple passwords while practicing good cyber hygiene. 

3. Use multi-factor authentication (MFA)

Multi-factor authentication is an identity verification method that combines multiple forms of authentication. Instead of just a password, MFA will also ask for a biometric factor (such as your face ID or fingerprint), in addition to generating a secure one-time login code. Biometrics play a crucial role in eliminating the risk of shoulder surfing. You may have to put in a little extra effort with MFA, but it'll keep you safe.
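To show why a one-time login code holds up even when someone reads it off your screen, here is an added example (not from the original article) that assumes the code is a time-based one-time password as defined in RFC 6238. The `Verifier` class and `demo` function are hypothetical names, and the secret is the RFC's published test value rather than a real key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical server side: a code is accepted once, inside its own time step.
    Real deployments often tolerate one adjacent step for clock drift; omitted here."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1  # highest time step already consumed

    def check(self, code: str, now: int) -> bool:
        counter = now // STEP
        if counter <= self.last_counter:
            return False  # this time step was already used: replay
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False  # code does not belong to the current step
        self.last_counter = counter
        return True

def demo():
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    t = 59                            # constructed login time (Unix seconds)
    observed = totp(secret, t)        # what an onlooker could read off the screen
    server = Verifier(secret)
    owner_login = server.check(observed, t)        # the account owner signs in
    replay_now = server.check(observed, t)         # same code reused immediately
    replay_later = server.check(observed, t + 60)  # same code, two steps later
    return observed, owner_login, replay_now, replay_later

if __name__ == "__main__":
    print(demo())
```

The observed code works exactly once for its owner; both later attempts with the same digits are rejected, which is what limits the value of watching someone type it.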

4. Hide your fingers, mouth, and screen

As important as it is to be aware of your surroundings while using your smart devices, it's also essential to be proactive about physically safeguarding your details. Small things like hiding your ATM PIN while typing can go a long way in keeping financial fraud at bay. While sharing information on a call, hide your mouth and speak as quietly as possible. Many shoulder surfers are trained to decipher your finger movements skillfully, which is why hiding your hands while typing matters.

5. Use a privacy screen

A privacy screen is a transparent cover attached to your laptop or mobile screen that dramatically reduces viewing angles, making it very hard for anyone to spy. Many screen guards today come with built-in viewing angle distortion to minimize the risk of data exposure.

Conclusion

In a world where digital attacks have gained prominence, ignoring the risks of physical surveillance can backfire. Identity and data security are necessary at all levels, including the personal physical space. Using the tips above, you can ensure malicious actors do not swipe your data. 
