SCAM OF THE MONTH: Shoulder Surfing is Still a Thing for Successful Social Engineering Attacks


January 26, 2022

Social engineering isn’t concerned with either novelty or elegance. All that matters is whether it works. ESET’s Jake Moore described a case in point: “All someone might need to gain access to your account is look over your shoulder at the right moment, just like the kid at the next desk trying to cheat on a test back in elementary school. I recently looked at the top 10 free apps on the Apple App Store and decided to target one to see if I could take control of someone else’s account.” Moore settled for Snapchat for his test.

Sitting near a friend (from whom he’d obtained permission to attempt an account takeover, on the condition that he promised not to do anything with the account once he’d hacked it), he entered her phone number into Snapchat, said he’d forgotten the password, and requested a password reset. Then he watched for the pop-up confirmation to arrive on the friend’s phone, saw it, reset her password, and had control of her account.

Now, this was a demonstration, but the point is to remain aware of where you are, and what’s going on both in your surroundings and on your device. In this case, the test subject noticed neither the shoulder-peek nor the popup on the phone.

“Shoulder surfing as such is best thwarted by preventing anybody from covertly looking at your screen when you enter sensitive information into an app or website, especially in public places,” Moore wrote. “Better still, make sure you turn off notification previews so that they’re hidden from prying eyes when your phone is locked. Also, be sure to actively monitor your SMS messages when using your phone or tablet around other people.”

Stop, Look, and Think. Don’t be fooled.

We're Integris. We're always working to empower people through technology.

Keep reading

How to Choose an IT Consultant in Boulder, CO

Regardless of industry size or type, Boulder IT consultants play a massive role in the way companies in the Boulder area do business. While most companies may have their own in-house IT department, many of these departments are small and cannot handle all the...

7 Signs Your Denver Business Needs a Tech Update

Regardless of size or industry, technology is an essential part of every Denver business. That being said, technological improvements and advancements can develop quite quickly, leaving some businesses scrambling to keep up. While many businesses cite expenses in the...

Cybersecurity best practices for Boston Businesses

Securing your businesses sensitive data, networks, and devices is non-negotiable in the technologically-driven world we live in. Whether you are a small business or or corporation in Boston, it is imperative that you prioritize cybersecurity. It is no longer enough to...