Shoulder Surfing in Social Engineering Attacks

by

January 26, 2022

Social engineering isn’t concerned with either novelty or elegance. All that matters is whether it works. ESET’s Jake Moore described a case in point: “All someone might need to gain access to your account is look over your shoulder at the right moment, just like the kid at the next desk trying to cheat on a test back in elementary school. I recently looked at the top 10 free apps on the Apple App Store and decided to target one to see if I could take control of someone else’s account.” Moore settled for Snapchat for his test.

Sitting near a friend (from whom he’d obtained permission to attempt an account takeover, on the condition that he promised not to do anything with the account once he’d hacked it), he entered her phone number into Snapchat, said he’d forgotten the password, and requested a password reset. Then he watched for the pop-up confirmation to arrive on the friend’s phone, saw it, reset her password, and had control of her account.

Now, this was a demonstration, but the point is to remain aware of where you are, and what’s going on both in your surroundings and on your device. In this case, the test subject noticed neither the shoulder-peek nor the popup on the phone.

“Shoulder surfing as such is best thwarted by preventing anybody from covertly looking at your screen when you enter sensitive information into an app or website, especially in public places,” Moore wrote. “Better still, make sure you turn off notification previews so that they’re hidden from prying eyes when your phone is locked. Also, be sure to actively monitor your SMS messages when using your phone or tablet around other people.”

Stop, Look, and Think. Don’t be fooled.

We're Integris. We're always working to empower people through technology.

Keep reading

Strong Cybersecurity Postures: How to Unleash their Power

Strong Cybersecurity Postures: How to Unleash their Power

In the vast digital landscape where virtual dragons and sneaky trolls roam a strong cybersecurity posture has never been more important. Imagine a band of modern-day knights led by our protagonist, Alex. Armed with a trusty laptop and a cup of coffee, Alex navigates...

How to Spot a Phishing Attack in 2023

How to Spot a Phishing Attack in 2023

In 2023 cyber threats lurk behind every tree trunk in today's digital jungle, and cybersecurity awareness is more critical than ever. Among the craftiest of these threats are phishing attacks. Phishing attacks are cunningly engineered with social manipulation at their...