Shoulder surfing is a term used to describe a person who looks over another person’s shoulder as data is entered onto a device such as a computer, smartphone, ATM or PIN pad.  Virtually any public area is at risk for shoulder surfing where you are entering personal information such as passwords and PINs.

Criminals use this technique to gather information with the use of eyesight or other optical devices, such as mini camcorders and camera phones in hopes of gaining access to your personal accounts or to read your personal information such as emails and financial statements displayed on your screen.  Even from a distance of 15 or 20 feet, sharp-eyed criminals can see your screen or entered data.

Shoulder surfers can be found around ATMs and other cash machines.  These machines can be found in convenience stores, parking lots, sporting venues, outside of buildings, and even in the local DMV office.  Public places such as airports and internet cafés can also be targeted for shoulder surfing attacks.

Protect yourself

Always watch your surroundings by staying alert, not allowing yourself to be distracted.  At a cash machine, stand as close as possible to the machine.  Cover the key pad with your free hand as you enter your PIN to protect it from being seen by others.   If you notice someone watching you or crowding over you too closely, cancel the transaction and go to another machine.

At work, try positioning your computer screen away from others.  If possible, make sure passwords are not visibly seen when typing them in.  As you type, the shoulder surfer would then only see characters such as dots or stars instead of the actual password.  Many devices have a hide password checkbox or link to hide the password while you are entering the characters.

When traveling, be mindful of people around you at airports, airplanes, bus and train stations as you use your devices.  Also be extremely careful while using your devices in café environments to surf the internet.

Summary of tips

1. Watch your surroundings
2. Stand as close as possible to cash machines
3. Move your computer screen away from others
4. Mask or hide passwords on devices
5. Cover key pad with your free hand to better protect your PIN

Next Tuesday’s topic:  Hyperlinks

Image Credit

Share on Tumblr

Mobile devices such as phones, tablets and laptops have become one of the primary ways we communicate and interact with each other.  The power of a computer is now at our fingertips, allowing us to talk or send messages to virtually anyone around the world.  However, with all these convenient features come risks.  Attacks aimed at mobile devices are progressing much more rapidly than attacks aimed at PCs.

What are the risks?

Loss & theft

One of greatest features about mobile devices is being able to take them wherever you go.  This portability makes them susceptible to loss or theft.  Once in the hands of someone else, all of your private information such as emails, text messages, contacts, photos and even browsing history can be recovered.

Mobile devices come with the ability to set a passcode or password to gain access to and use the device.  To protect yourself, be sure to set up a passcode or password on your mobile device to keep it locked if lost or stolen.    This helps to prevent unauthorized individuals from gaining access to your data.  I will talk about tools to help find your device in a future post.

You can also set an idle timeout that will automatically lock the device when not in use.  This also prevents unauthorized access to your data.

Text message phishing

Short Message Service (SMS) allows you to quickly send and receive short text messages.  These messages have become a common method for attackers to fool users into giving personal information.  Similar to traditional email, attackers send SMS messages that appear to be from someone you trust or from an organization such as your bank.  That trust is then exploited by the attacker who is pretending to be your bank and asks you for personal information.  Smishing is the term used for phishing attacks via SMS.

As with email, do not trust any message that asks you for your personal information.  Even if you can verify the sender, be sure to ask why your personal information is being requested.

Vulnerabilities

Cyber criminals are always looking for new vulnerabilities in mobile devices.  Vulnerabilities are unintended flaws in a system or in software that pose a threat like exposing personal data.

Keeping your software up to date, including operating systems and installed apps, helps protect your device from attack and compromise.  Do not “jailbreak” or “root” your device.  This removes the manufacturer’s protection against malware and removes any security measures that were originally in place.

Obtain your apps from trusted sources such as the Apple iTunes Store, Google Play, Windows Phone Store or the Amazon App Store for Android.  This helps you to avoid malware that is commonly distributed through apps.

Next Tuesday’s Topic:  Shoulder Surfing

Image source

Share on Tumblr