The Art of Shoulder Surfing

Another method social engineers use to gain access to information is shoulder surfing. A shoulder surfer is skilled at reading what users enter on their keyboards, especially logon names and passwords. This skill certainly takes practice, but with enough time, it can be mastered easily. Shoulder surfers also use this skill to read PINs entered at ATMs or to detect long-distance authorization codes that callers dial.

ATM theft is much easier than computer shoulder surfing because a keypad has fewer characters to memorize than a computer keyboard. If the person throws away the receipt in a trash can near the ATM, the shoulder surfer can match the PIN with an account number and then create a fake ATM card. Often shoulder surfers use binoculars or high-powered telescopes to observe PINs being entered, making it difficult to protect against this attack.

Many keyboard users don’t follow the traditional fingering technique taught in typing classes. Instead, they hunt and peck with two or three fingers. However, shoulder surfers train themselves to memorize key positions on a standard keyboard. Armed with this knowledge, they can determine which keys are pressed by noticing the location on the keyboard, not which finger the typist is using.

Shoulder surfers also know the popular letter substitutions most people use when creating passwords: $ for s, @ for a, 1 for i, 0 for o, and so forth. Many users think p@$$w0rd is difficult to guess, but it’s not for a skilled shoulder surfer. In addition, many users are required to use passwords containing special characters, and often they type these passwords more slowly to make sure they enter the correct characters. Slower typing makes a shoulder surfer’s job easier.
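A password-policy check can undo the substitutions listed above before comparing against a list of common words, so that p@$$w0rd is rejected the same way password would be. The following is an added example, not code from the original post; the function names, the small wordlist and the `min_extra` threshold are assumptions made for illustration.

```python
from typing import Optional

# Substitutions named in the text: $ for s, @ for a, 1 for i, 0 for o.
SUBSTITUTIONS = str.maketrans({"$": "s", "@": "a", "1": "i", "0": "o"})

# Constructed sample wordlist, longest first; a real deployment would load a
# large common-password list instead.
COMMON_WORDS = ("password", "welcome", "soccer", "admin", "login")


def normalize(password: str) -> str:
    """Lower-case the password and undo the listed substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def find_disguised_word(password: str) -> Optional[str]:
    """Return the common word hidden in the password, or None."""
    plain = normalize(password)
    for word in COMMON_WORDS:
        if word in plain:
            return word
    return None


def is_weak(password: str, min_extra: int = 6) -> bool:
    """Weak if a common word makes up all but a few characters.

    min_extra is an assumed policy threshold: the password must contain at
    least this many characters beyond the common word to pass.
    """
    word = find_disguised_word(password)
    return word is not None and len(password) - len(word) < min_extra


if __name__ == "__main__":
    # Constructed sample passwords.
    samples = ("p@$$w0rd", "P@$$w0rd!", "@dm1n2024", "tram-violet-kettle-92")
    for candidate in samples:
        word = find_disguised_word(candidate)
        print(f"{candidate!r}: word={word!r} weak={is_weak(candidate)}")
```
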

A common tactic of shoulder surfers is using cell phone cameras to take photos of unaware shoppers’ credit cards in supermarkets and stores. With this technique, they can get the credit card number and expiration date. Combining this technique with observing the shopper entering his or her PIN increases the risk of identity theft.

With so many people taking their laptops to the airport, commercial airlines warn customers to be aware of shoulder surfers. In the tight confines of an airplane, someone could easily observe the keys pressed and read the data on a laptop monitor. Products that prevent off-axis viewing of screens, such as screen overlays or a security lens, are recommended for travelers. Many employees conduct business on airplanes, and shoulder surfers can use the information gathered there to compromise computer systems at the company.

To help prevent shoulder-surfing attacks, you must educate users not to type logon names and passwords when someone is standing directly behind them—or even standing nearby. You should also caution users about typing passwords when someone nearby is talking on a cell phone because of the wide availability of camera phones. To further reduce the risk of shoulder surfing, make sure all computer monitors face away from the door or the cubicle entryway. Warn your users to change their passwords immediately if they suspect someone might have observed them entering their passwords.

When you’re entering your long-distance access code at a pay phone, a shoulder surfer holding a calculator while pretending to talk on the phone next to you can simply enter each number you dial into his or her calculator. With this method, he or she doesn’t have to memorize a long sequence of numbers. The calculator entry contains the access code for placing a long-distance call charged to your phone card.
