What is a type of attack where the intruder observes authentication secrets such as a combination or PIN?


Lynn Blakeman
answered
An attack that involves the intruder gaining authentication secrets such as a combination or PIN is called shoulder surfing.

Shoulder surfing is an easy way to get information, especially in crowded places where people can stand behind, or next to, someone and watch as they enter their ATM PIN or fill out a form with their address details.

To prevent shoulder surfers gaining information from us, it is important to shield the keypad when entering your ATM number, etc. Also, block the view of others when filling in a form by using your hand or, if possible, moving away from everyone.

Shoulder surfing is also done when the 'victim' is entering personal details on a computer, such as online shopping. It is important to be conscious of who is standing behind you, or walking past, when you are doing this.

I hear that shoulder surfing can also be done from a distance using a camera or binoculars, so even if no one is standing behind us, it seems we still need to be careful!

