Have you been in an airport lately and noticed the large number of travelers using their laptops, tablets or mobile phones? While some people travel for leisure to escape always being “connected”, there are others who find it necessary to stay in touch. We’ve all encountered them: the businessman with the laptop, the real estate agent updating her contacts, and the self-centered individual that’s making reservations with a credit card over the phone.
Unfortunately, this kind of behavior leaves the traveler vulnerable to “shoulder surfing” techniques frequently used by identity thieves in this kind of overcrowded, and often-times chaotic, environment. Our friends at Wikipedia define shoulder surfing as: using direct observation techniques, such as looking over someone’s shoulder, to get information. Shoulder surfing is particularly effective in crowded places because it is relatively easy to observe someone as they:
- fill out a form
- enter their PIN at an automated teller machine or a POS terminal
- use a calling card at a public pay phone
- enter passwords at a cybercafe, public and university libraries, or airport kiosks
- enter a code for a rented locker in a public place such as a swimming pool or airport.
Let’s add to that the following opportunities which can also be easily exploited by a “shoulder surfer”:
- Entering personal information on your laptop while sitting next to a stranger. Are you aware of where that stranger’s attention is being focused?
- Entering credit card information on your hand-held tablet while the person in line next to you shoots video from his phone. Is that camera aimed in your direction?
- Confirming your hotel reservation with credit card information while talking on your cell phone. Can your conversation be overheard?
OK, so what is a traveler to do when they find themselves in this kind of frenzied environment?
- Find a quiet spot along the outer fringes of the waiting area.
- Locate an area where you can sit or stand with your back to the wall.
- Be aware of your surroundings at all times, not just people but also video cameras that might be taking video of your actions.
- Invest in some type of security screen or filter to obscure the visibility of your monitor.
- Never verbalize passwords or security codes.
The best tip, however, is to not engage in personal, business or financial matters while in this type of situation.
Thanks Karen,It’s really some very very helpful tips.Now a days most of the identity theft information is not reliable.Most of us are not aware of these including me. But sometimes we bound to do these……can you name some type of security screen or filter for monitor?
Hi Karen and Nilava,
I am researching for my PhD in this area, specifically addressing if businesses actually do loose data through shoulder surfing. It is a little different from the shoulder surfing of personal data which can happen in an organised way, especially at ATMs or airports where people are inputting information in a public place. For Nilava I would say that I have come across 2 solutions. Firstly there are the 3M privacy screens which restrict viewing to a narrower area so defend you from people looking from the side. Also, for a more robust solution there is a software solution from Oculis which is discussed in this article – http://www.scmagazineus.com/keeping-an-eye-on-the-prize-privateeye-from-oculis-labs/article/205526/
On the whole, while I agree with Karen and ‘just don’t’ is the best way, in our modern age of mobile computing it is also helpful to consider a few tips for when you must.
1. If possible, stand or sit so there is a wall at your back (without a mirror or reflective glass) so you can be sure who is behind your shoulder.
2. If you must use your credit card on line in public learn the 3 digit code from the reverse side so you don’t turn it over. This reduces the chances for the number to be used.
3. Keep a close eye on your accounts, banking and credit card, especially when you move around a lot – but do do it at home not through hotel, or airport WiFi. I hope these help a bit.
If you are interested in my work then reply and I will give you contact details.