ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

What Is Shoulder Surfing?

Updated on May 6, 2014

Shoulder surfing will yield lots of information

Source

Shoulder Surfing

The best definition to be able to explain this in easy-to-understand language comes from Computerhope.com.

"A term used to describe a person that looks over another person's shoulder as they enter data into a computer or other device. For example, someone might shoulder surf when you are entering your computer password, ATM pin, or credit card number. Criminals often use use this technique to gain access to your personal accounts or read personal information, such as e-mails."

Not always, but most of the time, shoulder surfing happens when someone is being stalked. This is not your typical hacker or password thief.

These are people who hand-picked their target for whatever reason, but we can learn a lot from them to be able to change our routines.

Shoulder surfing can be done at a distance with binoculars, using a closed circuit TV (ceiling or wall, inside the ATM machine) or when someone is close enough to you to listen or observe.

They are looking:

  • to see your PIN at the ATM,
  • to view your bank account number at the forms desk, your password at the library or cybercafe or
  • if you'll give out your phone number while leaving a message with your cellphone.

Some people are very observant to listen when you order a lottery number on the spur of the moment, saying "Oh, I forgot to play my husband's birthday!" And now they have those numbers to add to their arsenal of knowledge.

Some people are very obvious when they do it.
Some people are very obvious when they do it. | Source

Different definitions

Urban Dictionary defines shoulder surfing: "To look over the shoulder(s) of a person with whom you are currently engaged in conversation to see if you can find someone 'better' to talk to."

But webopedia.com had a definition that was closer to what I was looking for to share with you:

"Shoulder surfing refers to a direct observation, such as looking over a person's shoulder, to obtain information. In some cases shoulder surfing is done for no reason other than to get an answer, but in other instances it may constitute a security breach as the the person behind may be gleaning private information such as your PIN at a bank machine, or Credit card information as you enter it into a Web based shopping cart check-out. While shoulder surfing is most common in busy and crowed areas where the perpetrator is not as likely to be caught, shoulder surfing can also be done with the aid of binoculars or cameras from a more remote location."

But the best definition was the one I included above from Computerhope.com

Very good video explaining shoulder surfing

ATM Skimmers

These skimmers are very hard to see.
These skimmers are very hard to see. | Source
replaced card slot
replaced card slot

Skimmers

The photos to the right are called "skimmers." These are devices that are used for the sole purpose of getting your PIN or password from a financial services machine.

These blocking devices are what a sophisticated shoulder surfer might graduate up to using. It traps your ATM card and denies access to your money. The reinstatement process is exhausting and it may take a very long time to marry you up with your money again.

There will always be lurkers and eavesdroppers in the form of a real person. But we should always be alert for devices that will do the same thing. Sometimes you can't even see them on a machine because they blend in with the equipment so well. (see photos)

What you need to know about skimmers

Skimmers are rarely seen by a victim even though they are in plain view. Not too many people approaching their ATM begin to look for a skimmer as the first thing. They are usually looking to see if there is a waiting line, if the machine doesn't have an "out of order" sign on it and if the area around it looks safe enough to approach.

Skimmers almost always work in tandem with a camera, either in plain view or hidden out of sight. The camera captures you putting in your PIN or password and it gives added validity to the skimmer which actually does capture it in real time.

If a person were to lean over in the line of camera angle while entering their PIN or password, the camera would not have a clear view.

Source
Source

On-Screen Keyboards

On-screen keyboards which are found on certain cell phones, computer Tablets and some ATM machines are a shoulder surfer's dream. The screen retains the information for up to 30 seconds after pressed and is available for recall to the screen.

Financial institutions now understand the dangers of passwords and PIN numbers being stolen by way of shoulder surfing, so some have taken measures to help protect the consumer.

PIN numbers and passwords are now obscured on the screen to help prevent spies from viewing the customer's information. However, it is not good enough.

Shoulder surfers can still see a victim's information on closed circuit replay, long distance cameras, and iPhones. In newer models, the numbers are hidden but the keys light up when pressed. It doesn't really help provide any measure of security.

Shoulder surfing is a problem of human nature, and companies will never be able to change human nature.

The best we can hope for is that they will continue to implement devices and safety features to help the consumer in their crusade to keep their personal information private.

Credit cards and phone bills

Certain models of credit card readers have a recessed keypad with a shield around the opening near the keypad. This shield makes shoulder surfing very difficult, because the line of vision to the keypad is skewed and limits the viewer from seeing it on a direct angle.

#

Check out this story about how the FBI illegally obtained thousands of Americans’ telephone records during the Bush administration.

Shoulder Surfing Scam

In 2012, in Belgium, police posted warnings, geared especially to senior citizens, about crimes involving the information obtained from shoulder surfing crime reports. They said that there is almost always a two person team when their "mark" (the victim) is at the ATM trying to do business with their bank card.

One thief distracts the victim by dropping a high denomination of money in plain view. The second culprit brings the victim's attention to the dropped money and engages him in conversation, taking his attention away from the ATM and his bank card.

The first thief sweeps in and takes the victim's ATM card and leaves the area. When the victim goes back to continue his transaction he finds the machine in "pause" position. Thinking the ATM card is stuck in the machine, the second culprit now offers his assistance. He suggests the victim to key in the PIN number again while he watches over his shoulder, committing the code to memory.

The thief tells the victim that the machine has eaten his card and that on Monday, he can get his card back from the bank. The victim agrees, assuming the card is stuck in the ATM, when in fact it is no longer in the machine because the first thief ran off with it.

Most of these scams take place on Fridays after the bank closed so the victim cannot make a physical report of the lost card (I guess they don't have a phone reporting system) and the two thieves have all weekend to empty out the bank account. The victim learns by Monday that the card was actually stolen, and that his bank account is at zero or near zero balance.

The Belgium report goes on to say that all the cameras at the banks show that it was the same two thieves each time. They have managed to hide their faces from the camera on every occasion so police have not been able to identify them.

Caught on tape: Crimes committed after shoulder surfing

Eavesdropping

Source
"Eavesdropping" by Eugene von Blaas
"Eavesdropping" by Eugene von Blaas | Source

Take care at the ATM

Cover the keypad whenever possible.
Cover the keypad whenever possible. | Source

Suggestions

Be aware of your surroundings and who is in your immediate area.

Don't get distracted while you are doing your bank business. If a distraction becomes too overwhelming, hit the STOP button and recover your card.

Never put your PIN in twice, especially if you are trying to recover a card that the machine has taken possession of. Note the date and time of the incident and report it to the HELP line of your bank. If possible, use your cellphone and do it while you are still at the ATM.

Always be suspicious of a Good Samaritan who offers to help you either at ATM, bank, public transportation kiosks, and any other area involving money exchange.

Cover your work the way you used to do in school so no one could copy your test answers.

If a computer screen is adjustable, turn it slightly away from the person next to you.

At the ATM, use both hands - one to cup over the keypad, one to key in your pin. If they have the side shields, make sure no one is directly behind you - insist on breathing space.

If you must leave your phone number in a message for someone, cover your mouth and speak only loud enough to make your message known to the receiving party or else call back when you are in a safer environment.

Never use a cellphone in a public bathroom or while waiting in line at Walmart type stores.

If you use computer libraries or cybercafes, change your password (use a different computer) as soon as possible. If you feel your PIN has been copied by anyone, ask for a new PIN.

If you don't want other people to know about your business, do your best to protect it from their eyes.

Be aware of the littlest of eavesdroppers. Parents have been known to pick up their smallest of children while standing in line and teaching them to repeat the numbers pushed on the keypad.

  • Don't be distracted while performing a bank transaction;
  • Never re-key your personal secret code to retrieve the ATM card
  • Never approach the kiosk while speaking on your cellphone. You will not be able to be alert and aware of anything going on around you.
  • If you lose your card, notify your financial institution immediately
  • Stay focused on your task; don't even answer your cellphone or have a conversation with anyone while waiting in line.

Trust your instincts. If an ATM machine doesn't look real, has parts you are not used to seeing on other ATM machines, or prompts you more than once for your PIN, abandon and report the machine to your HELP line.

Never use or transact any business around an ATM machine if there are people loitering and lingering around for no apparent reason. Busy areas will have high foot traffic, but watch for people, places or things out of place at the ATM machine. If you are in an isolated area, it is best to save your transaction for a better time.

Be aware of people watching people who are watching the ATM machine, or watching the line. If they are watching people, one might assume they are up to no good.

Be sure to read my hub "How Safe Are Your Passwords?"


© Rachael O'Halloran. March 25, 2014. All Rights Reserved.

No part of this article may be reproduced without prior permission from the author. Use the following link to refer to this article. Do Not Copy. TYVM


http://rachaelohalloran.hubpages.com/hub/What-Is-Shoulder-Surfing


© 2014 Rachael O'Halloran

Comments

Submit a Comment

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 2 years ago from United States

    ologsinquito, it is way too easy. lol Especially when people don't know to be aware of the tricks the perpetrators play. Dropping something on the ground, an overboisterous sneeze that makes them change their position closer to you or makes you move out of the line of germ spray, and so many more ways since I wrote this article.

    Thanks for stopping by to comment. :)

  • ologsinquito profile image

    ologsinquito 2 years ago from USA

    This is excellent information we should all know about. I've heard of skimming, but not shoulder surfing. Undoubtedly, technology makes this much easier.

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #rebeccamealey - Thank you for visiting and leaving a comment. I try to be very detailed in my articles and I hope you'll see some others that are interesting to you too. It is so important to keep our passwords and personal information safeguarded because it is the one area that can destroy all other parts of our life. It all begins in the pocketbook, because without funds, we cannot go on in our present lifestyle or any lifestyle. A wipeout can occur with even just a little info, like PIN or social security number.

    Thank you for reading,

    Rachael

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #Vellur - This is especially true in cities, states and countries where poverty levels have risen much over the last few years. These are high crime areas now, and since the ones not doing the crimes are so sophisticated, this method is the line of least resistance requiring little or not experience to be able to easily get information. Let's not make it too easy for them! TYVM for reading my article and for sharing and voting.

    Rachael

  • rebeccamealey profile image

    Rebecca Mealey 3 years ago from Northeastern Georgia, USA

    Wow, this is very complete and comprehensive. Thanks for the tips to keep pins and passwords from being stolen.

  • Vellur profile image

    Nithya Venkat 3 years ago from Dubai

    Great hub, useful and informative. We must be aware of our surroundings all the time as you have stated. A valuable hub, thank you for sharing. Voted up.

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #Faith Reaper,

    Thank you :)

  • Faith Reaper profile image

    Faith Reaper 3 years ago from southern USA

    You are so wise and thank you for sharing your great idea about that particular scenario. I will do the same!

    Have a great rest of the week.

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #Faith Reaper

    Thank you so much for your enlightening comment. I knew of such happenings in stores years ago but you bring up a good point about reciting a phone number out loud.

    My husband laughs at me when I do this, but I keep a post it note in my credit card section of my wallet that has my phone number printed in large numbers (done on my computer printer) and every time a cashier asks for my phone number when they want to look up your account for something or after looking up my address to verify my identity or if by chance I forgot a store card or (lately) to sign the back of my credit card (which I will not ever do again), I whip out that post it note and show it.

    It used to get beat up pretty good from over-use, so now....yep, if you haven't guess it - it is laminated! He gets such a kick out of watching me say absolutely nothing to the cashiers/managers and showing them the paper. Directly under the phone number in larger letters on the paper it says:

    If you recite this number out loud, you will be looking for a job tomorrow.

    Because it is a natural to recite it when reading it to yourself to transfer to the register or to another cashier next to you. So many times that has happened and I roar "WHAT THE HELL DID I WRITE IT DOWN FOR, AND MAKE A DEAL OF TRYING TO KEEP IT QUIET, IF YOU ARE GOING TO BROADCAST IT ANYWAY!!!" So now the note under the phone number is in place.

    If I carried all the store cards in my wallet or their fobs on my key chain, my keys would be more cumbersome than they are.

    I do the same thing with two separate "laminated" post it notes listing my social security number on one and address on another because stores and banks ask you for very personal identification information out loud and you are a sitting duck for big ears in the vicinity.

    Thank you for coming by (and the follow!!), sharing and votes, and leaving a comment that will surely inform readers long after they are done reading this hub.

    Rachael

  • Faith Reaper profile image

    Faith Reaper 3 years ago from southern USA

    What an eye-opener of a hub here! Thank you for writing on this important topic and bringing awareness to such ongoings in this world. I have always been suspicious of the "good Samaritan" when one happens to be dealing with money. When I was very young and worked as a cashier at a grocery store, I seemed to be aware when someone was trying to pull a switch on me when giving them their change back. This was back in the days prior to the "beep beep" cashiers, when we had to figure tax and make change in our heads and manually key punch the items in the register under whatever category would apply, i.e., "Meat" lol. I stopped a would-be thief and my manager seemed to be surprised, although, so young, I did not allow the man to take advantage of me with money changing hands. My supervisor told me that the man was known to do such.

    I will sure to be aware at the grocery store myself nowadays, after reading this, when in the check-out line, as there is a particular grocery store chain that offers discounts if you have their card. If you do not happen to have the card handy or on you at the time, or it is just sometimes easier, they will ask you what your phone number is, and I will just state it out like everyone else does. I will be mindful to dig out my card next time!

    Up and more, tweeting, pinning and sharing

    Hope your Monday is lovely. I am enjoying the day off, so mine is really great!

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #DDE

    There are so many tricks out there, I've but just touched the surface. Keep alert and aware, is all anyone can do.

    Thank you for reading and for your comment

  • DDE profile image

    Devika Primić 3 years ago from Dubrovnik, Croatia

    Greatly mentioned and thought of I had no idea of shoulder surfing it just did not occur to me of the real meaning you certainly said it all here.

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #teaches12345 - You're welcome. Thank you for reading and for your comment.

  • teaches12345 profile image

    Dianna Mendez 3 years ago

    Thank you for defining this term. Also, very thankful for the education on how to prevent it.

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #Glenn Stok - Thank you for your praise and I'm glad you are aware of your surroundings. In a world of distractions, it is not always easy to keep on top of that and the thieves are counting on it.

    Thank you for reading and for your comment.

    Rachael

  • Glenn Stok profile image

    Glenn Stok 3 years ago from Long Island, NY

    It's unfortunate that so much of this is going one. Your hub is very useful and it's important for everyone to be better educated about how thieves play games to get access to someone else's account. I didn't know there was a name for it: shoulder surfing. I'm always cautious if anyone else in around me at an ATM, but I can see how shoulder surfers work at distracting someone accessing their account on an ATM.

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    Well, I'll tell you that would have been one of those moments where my husband makes like he doesn't know me because I would have made enough noise to have her fired for violating your rights and every other customer she had in line.

    By the way, you can go on the bank's website and lodge the complaint with the person's name, branch, etc. all confidential, of course. If she did it to you, she's probably done it before, and no doubt will do it again. Fire her butt! lol

    Thanks for reading and commenting,

    Rachael

  • CraftytotheCore profile image

    CraftytotheCore 3 years ago

    There is a bank in town that was offering free checking accounts. I was already a member because I had my car loan through them. So I went to open a checking account. The teller started reading out loud my membership number and social. I asked her to stop and so she turned her monitor around so that the whole bank could see my personal information. I was so upset I demanded to speak to a manager. I couldn't believe in this day and age when identity theft is so prevalent, the teller would be so clueless as to do this.

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #nighthag - thanks for reading and for your comment.

  • nighthag profile image

    K.A.E Grove 3 years ago from Australia

    its amazing the way criminals always come up with clever new ways to rip people off. imagine what they good do for the world if they turned that inventiveness to helping others

    a great hub full of useful advice... thank you

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #vkwok - Thanks for reading and commenting

  • vkwok profile image

    Victor W. Kwok 3 years ago from Hawaii

    Thanks for sharing these interesting facts.

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #bravewarrior - It is a most scary world these days and it is everywhere. What we think of as a nuisance (someone looking over our shoulders) is actually the basis for a crime against us. We tsk tsk the person as we walk away or hide our information from view and never think about what could happen to us if they acted on what they saw. Some crooks are not sophisticated and some are pros at it. Better to be safe than sorry, I say.

    Thank you for reading my hub.

    Rachael

  • bravewarrior profile image

    Shauna L Bowling 3 years ago from Central Florida

    What a scary world out there! Jeez, I think I'll stay home today.

    Good information, Rachael. Thanx for the warning!

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #Hi alancaster149 - lol @ dandruff!

    Sad to say, as you describe the shady ones, it seems like that all over the world.

    Two of the articles I gathered information from were in Belgium and Germany, mostly targeting senior citizens who were either going to deposit checks or get money from ATM. Why everyone doesn't have direct deposit, I'll never know - that would eliminate half of the problem. Getting money out by ATM is the other half - maybe going inside to a teller would be better, who knows?

    But as you can see from my other article on Password Safety, even direct deposit didn't save me from my Social Security check getting redirected and my account was closed. I don't frequent ATM machines. When I go to Walmart or one of the stores each month, I take cash back on our debit card and that is our money for the month. No need to go to the bank. Before the incident in November, I haven't been inside the bank in over 4 years. lol

    Thank you for reading and commenting. Good to see you.

    Rachael

  • alancaster149 profile image

    Alan R Lancaster 3 years ago from Forest Gate, London E7, U K (ex-pat Yorkshire)

    And I thought 'shoulder surfing' was brushing off the dandruff!

    Seems everybody's after an easy way to - somebody else's - free cash. We've got all sorts of freeloaders here as well, not only light-fingered Romanians but Brits as well. You can't trust anybody, and I always look over my shoulder before I use ATM's - anywhere.

    We have some shady characters who hang around ATM's and post offices - especially when many OAP's still go to collect their pensions on certain days. I have all mine paid into my bank (two small occupational pensions and state pension), but there are still the older ones that don't trust banks, (a hangover from the Depression).

    Handy Hub-page, Rachael. Useful to know

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #Thank you Eddy for stopping by to read and comment.

    Rachael

  • Eiddwen profile image

    Eiddwen 3 years ago from Wales

    Very interesting and thanks for this great share.

    Eddy.

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #billybuc

    I'm glad you stopped to read my hub. Thank you.

    Rachael

  • RachaelOhalloran profile image
    Author

    Rachael O'Halloran 3 years ago from United States

    #MsDora,

    I think it is important to know how devious people can be to get our private information and what lengths they will go. Although I only gave a few suggestions, there is much more to learn on how to protect ourselves. Thank you for your praise and comment.

    Rachael

  • billybuc profile image

    Bill Holland 3 years ago from Olympia, WA

    I had to stop by just to find out what it meant. :) Now I know.

  • MsDora profile image

    Dora Weithers 3 years ago from The Caribbean

    Rachael, the term is new to me, but it makes sense. Thank you for this very important information, and your suggestions to avoid becoming victims. Excellent!