Shoulder surfing is where an attacker can physically view a victim’s device and screen to steal personal information. The attacker records the information and most likely uses it for identity theft.
Examples of Shoulder Surfing:
Logging onto online accounts in public places can allow the attacker to view your screen and keypad and copy your login information. When using ATMs, an attacker can watch you enter your PIN and could use that to complete other transactions that do not require your card. If you are talking about confidential business or private information on the phone in public, someone could listen and record any information you wish to remain private. Or, there could be live microphones in your area, and they could be picking up on the content of your conversation. Hot mics can be transcribed into text. Examples of this happen in public places where people disclose confidential information. Shoulder Surfing is very common at ATMs in Europe. Criminals affix micro cameras to the ATM terminal and then use the video to record your card number and pin.
How to Protect Yourself from Shoulder Surfing Attacks:
Always be aware of your surroundings. Ensure no one can see you input your passwords, social security number, or bank information into your device. Always ensure you are in a private place when speaking on the phone about confidential subjects. Implement two-step authentication. Two steps authentication makes it more difficult for someone to hack into your account even if they obtain your password. Add a privacy screen. Certain manufacturers sell privacy screens that make it difficult for anyone else to see your device’s screen, which can be protective if you log into private accounts or want to keep any information confidential. This is crucial to have on Airplanes. Use your fingerprint or facial recognition to log in whenever you can. This allows only you to log in to your account and prevents an attacker from shoulder surfing and seeing you enter your password.
How Agency Can Help Protect You:
Agency offers enterprise-grade cybersecurity to individuals and families. We also provide personal identification removal from data brokers as well as 24/7 active monitoring of devices. All of this is backed by a $1m cyber insurance guarantee.