Shoulder Surfing



Lookout For Shoulder Surfing When Entering Sensitive Data.

When you read or hear on the news that hackers and the like have compromised and obtained a given user's sensitive credentials, I'd say it's safe to assume that your first impression is that it was done by infecting their computer with a virus. Or, in the case of social engineering, simply SEing the target and grabbing their details thereafter.

Whilst this is certainly true in its entirety, by no means is it the only way to obtain such information. Social engineers have been using what's called "shoulder surfing" for as long as I can remember, and provided the target/victim is physically present, it's a very effective way to grab (for example) a person's username & password without ever touching their device or communicating with the victim in any way. So let's have a look at what "shoulder surfing" is all about.

Shoulder Surfing Defined:

As its name suggests, shoulder surfing is used by social engineers to look over the shoulder of their victim as they're entering/typing their user credentials into their computer or cell phone. The objective is to memorize the details entered, such as the username & password typed by the victim when logging into an online account like Facebook.

As simple as it may sound, the social engineer does require a good set of skills to not only mentally capture the keys entered, but to also memorize each and every keystroke. To assist with this, as the victim is typing away, the SE'er will enter every detail into his cell phone and save the results. As such, say goodbye to your account! In order to protect against shoulder surfing, you need to know how to identify it, so let's cover that now with a general scenario.

What To Look For In Shoulder Surfing:

So you've taken all the necessary security measures to create strong passwords for all your accounts, therefore your login credentials are safe and secure. Or are they? How about the new receptionist, who's watching your activity on your PC whilst you're keying in your password at work? Or the young man who's seated right behind you on the train, and is looking over your shoulder as you're in the process of logging into your Netflix account?

Yes, these innocent-looking people are social engineers who are extremely calculated and methodical in their approach toward stealing your credentials right before your unsuspecting eyes. A lot of social engineers pretend they're in conversation on their cell phone, just to give them a reason to hang around and observe the details that you type into your computer or cell phone. It's paramount to take precautionary measures and protect yourself at all times.

How To Protect Against Shoulder Surfing:

Thankfully, there are no tools involved, nor the need to purchase any expensive service, to protect against shoulder surfing. The only thing that's required is your "brain", and to train yourself to make it a habit to be mindful of every move you make when keying in your username & password.

Simply put, be aware of your surroundings by looking over your shoulder every time you authenticate via PINs, passwords and the like. Where possible, as you're entering your credentials, keep your device as close as possible to your body, with the intention of concealing the keystrokes typed. Also, be sure not to press the "password reveal button" in the input field of the login form, but rather keep the password hidden behind the asterisks.

These are just a few basic tips that can make all the difference between keeping your account intact or having it compromised due to bad practice on your end. As you can see, it doesn't take much effort to protect yourself against shoulder surfing, so you have no excuse not to take these measures on board as part of your overall security awareness and defense.
