Shoulder surfing is a type of data theft where cybercriminals steal personal information or confidential information by peering over the target’s shoulders. This act is much more common than you would ever imagine!
The origin of shoulder surfing dates even before the Internet was invented. Earlier, thieves would spy on payphone users and transcribe credit card numbers when the callers punched them into phone keypads.
Consequences of Shoulder Surfing
Shoulder surfing can happen anywhere as long as a keypad or touchscreen is used to send personal information across. Kiosks and ATMs are the more common target locations. It can also happen when you use the smartphone or tablet to enter personal data. Shoulder surfers can easily be found in places like restaurants, shopping malls, buses, trains, internet cafes, or ticket lines.
Thanks to technology, should surfing is also possible with digital cameras, where the perpetrator spies on the target from a distance. Often, when a thief succeeds in obtaining personal information such as social security number (SSN), PIN, password, etc. they misuse the collected data to make a withdrawal or a purchase using your account. To make it worse, they can steal your identity to open new accounts or take loans in your name.
Combating Shoulder Surfing
Here are a few simple steps to prevent shoulder surfing –
- Register your phone number with your financial institutions so that every time you make a transaction on your phone, you don’t have to type your account number repeatedly. you can make a transaction with a one-time-password once the number is registered with your banker.
- Don’t tell anyone your identity codes, like your social security number, in public. When asked to provide a social security number, share it in a written format instead of speaking it out loud. You can request that the paper/ documentation be shredded once its purpose is fulfilled, or you can take it back and destroy it yourself. Always ask for the significance of sharing your personally identifiable information before handing it over.
- Change your PIN every quarter or more often if you suspect that you may be a victim of shoulder surfing.
- It’s not paranoid to think that you were being watched every time you use your screen in public. Coverup the screen when entering PINs or passwords as your actions may be recorded from a distance.
- Look for contactless payment options. You can use online wallets to pay for transactions without actually entering your account details or swiping your card.
- Verify the card reader before you insert your card to ensure that it is not a skimmer.
- Avoid using open wi-fi networks as cybercriminals can easily hijack the data-in-transit.
- To minimize the usage of a passcode on your smartphone, use a biometric scanner, like a fingerprint reader. Don’t forget to lock the screen immediately after use.
Identity theft is not a skill that only computer hackers use. Even low-tech thieves practice the art of shoulder surfing. This demands extra caution in the factual world, as online. By staying vigilant, you can protect your data and secure your identity.
Like shoulder surfing, there are many other attacks that can leave you vulnerable. What you may consider “small negligence” could lead you to a “big misfortune.” EC-Council offers a cybersecurity program for every internet user to ensure safe browsing practices: Certified Secure Computer User (C|SCU). The program covers all cybersecurity attacks that a computer user is prone to. The credential gives a valuable add-on to your profile as employers prefer to hire professionals who are aware of the best cybersecurity practices.