Posts

What is Shoulder Surfing?

The next time you’re in a public place and glued to your smartphone or tablet — whether it’s at the gym, a coffee house, the airport, or just a park bench— know that someone might be peering over your shoulder to see what you’re doing. The snooper could just be curious, or they could be trying to capture your login information so they can use it to access your accounts impersonating you later on.

4DThis behavior is called “shoulder surfing”, but it doesn’t always mean that someone is literally looking over your shoulder. It can also be done from far away, using binoculars or even a small telescope.

That’s why you should always work with your back tightly against a wall. If that’s not possible, be aware of who’s around you, or behind you, and try to shield your screen. Of course, shoulder surfing can also occur at the workplace where giant computer screens are facing outward for anyone walking by to see.

And it isn’t just the screen contents that the thief wants. A skilled thief can watch the user’s finger movements to pick up on passwords and login information.

Shoulder surfing can be completely concealed in settings where people are normally packed together, such as on public transportation, airplanes, concert halls, or even a busy emergency room.

Think of how easy it would be for you to watch what the person next to you is typing, especially if they’re wearing a headset and oblivious to their surroundings.

The fact that this is an easy way to steal information is what makes it so common. A study of commuters in the UK found that 72 percent shoulder surfed—mostly out of boredom rather than for fraudulent intent, but that just goes to show how easy it really is.

Here’s some simple ways to protect yourself from should surfing when entering or accessing personal data on your devices:

  • Look for an area where your back is against a wall.
  • Be aware of your surroundings at all times, not just people but also video cameras.
  • Consider using a screen protector to obscure the visibility of the display.
  • Save your personal, business and financial matters for when you are in the privacy of your own home.

So whether you’re just surfing social media sites at a coffeehouse, or an executive trying to catch up on work on a plane, make sure that you keep an eye out for anyone whose eyes are glued to your screen.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Most Unwanted Criminals: Phishers, Shoulder Surfers and Keyloggers

McAfee’s most unwanted criminals have included pickpockets, Trojan viruses, and ATM skimmers, dumpster divers, spies, and wireless hackers and now phishers, shoulder surfers, and keyloggers. Identity theft can happen online or on the ground to anyone with a pulse, and even to the deceased.

The key is awareness, vigilance, and investing in products and services that are designed to protect you.

Tony “Big Phish” Morgan sends emails that appear to come from a trusted source, soliciting login credentials or sending recipients to spoofed websites. Either way, he wants to take over existing accounts and gain access to more data on the server or your PC. Phishing emails may look like a legitimate monthly statements or obvious Nigerian 419 scams laced with scammer grammar. Phishers have stolen over a quarter billion from victims and counting.

The first rule for protecting yourself from phishing is never click on links in emails. Use your bookmarks menu or manually type in the address of the website you’re looking for. McAfee Site Advisor software provides risk ratings for websites that come up when you do a search.

Wandering Eyes” Willie is a shoulder surfer, using his eyes, binoculars, hidden cameras, or more likely, a phone with video capabilities to peer over shoulders in Internet cafes or checkout lines, capturing account data and PINs. If you are standing in a checkout line and someone nearby seems to be looking at his phone, which happens to be a camera phone pointed in the direction of your credit or debit card, he may be shoulder surfing.

Watch out for “wandering eyes.” Cover your phone’s keypad when entering usernames or passwords. In an Internet café, choose a seat with your back to the wall.  Use complicated passwords that are harder to crack.

Francis Scott Keylogger can smoothly infect your computer and track all your online activity, recording every username and password you type. An outdated browser is more vulnerable to picking up keylogging software when surfing an infected website.

Keyloggers can hide in hardware or software, so run antivirus and anti-spyware programs to eliminate viruses, but also check the back of your PC for devices that may be piggybacking on your keyboard.

To ensure peace of mind and have a fraud resolution agent assist in identity theft restoration, —subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)