Do you still imagine hackers as hooded people in basements? Well, Shoulder Surfing completely breaks the stereotype.
This hacking method is used to pass basic security barriers, without technical knowledge.
So how does it occur, exactly?
That’s what I’ll explain below, to help you prevent it later on.
What Exactly is Shoulder Surfing (Computer Science Explanation)
It is as it sounds: someone looks over you to obtain confidential data.
Imagine the scenario where you go-ahead to the nearest ATM to withdraw some of your hard-earned money. You insert the card and input the PIN numbers, then type the amount of money you want to receive. You take it, retrieve the card and go back home with it…
Just to find out that there was another withdrawal in your account minutes later.
Someone behind you from the line took a look at your PIN number and accepted when the machine asked “Would you like another transaction?”
Situations like this one can repeat in the office, an internet café, as well as any other place where you use your personal information.
Again, non-techy criminals can take advantage of this without keyloggers, malware, or expensive devices.
In extreme situations (heist or espionage), criminals would prefer to use the smartphone camera or some binoculars. But 90% of the time, their attentive eyes and ears are enough.
“How different is Shoulder Surfing from Tailgating?” – You might ask.
While today we talk about the act of hovering someone’s shoulders to get passwords and other valuable credentials… Tailgating is to seek direct, unpermitted entrance to a place by following a user who does have the permission.
You can learn more about Tailgating on a specific article we wrote about it.
How to Avoid Shoulder Surfing At All Cost (Prevent & Defeat)
Preventing shoulder surfing is easy. Defeating it, not too much.
In the meantime, more than just explain what it is about… I’ll do my best to give you everything, enough to avoid shoulder surfing at all costs.
These tips will highly decrease the chances:
1) Install a Privacy Filter: They’re polarized plastic sheets that block all adjacent visibility of the screen. Shoulder Surfers would see everything black, while you would see it as it is.
2) Block Eyesight when Signing Into Accounts: Don’t want to add the plastic mentioned above? You can either stay far away or form a physical barrier between you and others.
3) Block the Screen of Devices when you stop using them
4) Try Accessing into your Account’s Credentials Privately
5) Avoid transferring money on a public Wi-Fi connection
6) Choose long, complex, hard-to-break Passwords for your Accounts
7) Use a Password Manager: This software (and sometimes, hardware) lets you save all your passwords into one place to avoid writing it again and again. Password Managers are protected by a Master Key.
8) Use Two-Factor Authentication: Your credentials got stolen? With 2FA, criminals will need to pass an additional security barrier to get in.
Are you Going to be a Victim of Shoulder Surfing?
The chances of becoming a victim of shoulder surfing are close to none.
At least they are slim if you are thoughtful about it.
It also depends on several factors like your type of job or financial situation.
Surprisingly enough, revenge is among the most common reasons for shoulder surfing.
To give you an example: Edward Snowden is an IT specialist who worked with the NSA.
He’s mostly known for whistling some governmental secrets. While he stays protected in Russia, there are many people who would like to take it back home and watch him closely.
So he and others of the kind do as much as possible to never get their credentials exposed.
He’s the one shown on top, as the “Featured Image,” covering his head with a blank.
You don’t have to reach that line of severity, but at least be aware and take enough measures prior to this happening to you.
It’s better to stay safe than sorry.
Practice safe and smart habits to not avoid this simple but destructive method of hacking.
And stay close to us. Our MyITGuy experts will protect your assets at any time, any moment is needed.