Saturday 28 November 2015

This Is How China Curb Shoulder Surfing

Source: http://www.itdglass.cn/product/60070331294-219231936/ITD_SF_BAK_007_bank_curved_ATM_door.html

In China, banks had taken great approaches to prevent shoulder surfing. ATM booth is designed in a way that only one user is allowed to enter at a time when ATM transaction is performed.  User could also ensure that the surroundings is safe from any suspicious persons before entering or leaving the booth. This booth serves as a protective cell for ATM user to safely pack their valuable stuffs before leaving. The ATM booth is also comes with the intercom system for the user to seek for help in case they notice any suspicious strangers loitering around. At the same time, the announcement will keep reminding the users to be aware for their surroundings.



Shoulder surfing video clip



A youtube video clip by Erina White Pace University NYC campus
Source: https://www.youtube.com/watch?v=wsbzK047gYk

Friday 20 November 2015

“Shoulder Surfing” related regulation

In the perspective of public employment hiring, shoulder surging could be a very serious issue. It acts as the coercive tactic against applicants vying for a job and pose threat to the privacy of applicants.

  • In May 2012, Maryland Governor Martin O’Malley signed the first legislation designed to prohibit any sacking or punishment when employees refuse to reveal their login credentials for social network sites.
  • Similar laws had been enforced by Arkansas, California, Colorado, Illinois, Michigan, New Mexico, Utah, Vermont, Washington and New Jersey.
Source: http://yourpartnerinhr.com/archives/blog/shoulder-surfing-legislation-update/

Wednesday 18 November 2015

Tips to prevent “shoulder surfing”???

1.     Use body or cupping one’s hand to hide the paperwork or keypad from view when filling the personal data form or entering password.
2.     Ensure that you are in a secluded location or get a place with the back facing the wall when login into the private site or working on the laptop.
3.      Always be aware of your surroundings, be it people or the CCTV that may “shoulder surfing” to look into your personal information.
4.     Call the safety guard if find someone suspicious loitering around.
5.     Ensure the transaction receipt is properly disposed after each ATM transaction.

ATM preventive measures for shoulder surfing
1.     Use a reflective protective screen that grew darker if view from the side angle. It only allow the user to view directly in front of the display.
2.      Install the rubber shield over the recessed keypad and allow only user to view from certain angle.
3.     Having special keypad that alter physical location of the number after each user press to prevent from recognizing the sequence of the password.
4.     Employ gaze-based password authentication system that recognize the dynamic bio-metric signal of a user such as gaze features and movement patterns to prevent “shoulder surfing”. 

Source: http://www.softwaretipsandtricks.com/guides/articles/100/1/How-to-Prevent-shoulder-surfing-on-computer/Page1.html

Tuesday 17 November 2015

Cases involved “shoulder surfing”

According to Financial Fraud Action UK, the number of cash-machine fraud is on the rise. In the first four months of 2013, 7,525 cases were reported as compared to previous year of 2,553 cases. The fraud was found to be caused by peeping over cardholder shoulder to steal their PIN number. Similar in California, numerous cases had been reported as shown:
  • January 2, 2015 in Milpitas, California – A woman kept watching at ATM customers which then noticed by a bank employee. Multiple customers was found had money withdrawn from their accounts fraudulently.
  •  January 25, 2015 in Walnut Creek, California – a 32 years old Ayanna Bastain was observed acting suspiciously which was then arrested by police in a sting operation to identify a suspect in multiple shoulder surfing thefts. Based on the written statement, “Bastain was positively identified from surveillance photos from previous shoulder surfing thefts in Walnut Creek in November and December 2014”.
  • March 17-18, 2015 in Fremont, California – several people were the victims of shoulder surfing in two locations. More victims are still to be identified.

Source : http://news.sky.com/story/1100203/atm-shoulder-surfing-card-fraud-on-rise



Friday 13 November 2015

Cybercrime: Shoulder surfing…


In 29 November 2007, a Connecticut man had been a victim of shoulder-surfer in the Grand Central Terminal. They exploit the yawning loophole in the ATM system and the crowded spots like Grand Central Terminal where people move at high speed. The man withdrew $40 from a cash machine to buy a beer. As he was trying to catch a train, he just left with his ATM card and cash. However, a question still posted on the screen: Do you want to continue another transaction? Another guy step in and tapped “yes” and enter the password to withdraw all the money. How the guy get the password? It is through shoulder surfing. Although this kind of ATM machines were phased out in US to prevent Lebanese Loop, it still pose the danger for the pin number to be stolen via shoulder surfing.

Source: http://www.nytimes.com/2008/01/12/nyregion/12about.html?_r=0

What is shoulder surfing?

As suggested by the name, shoulder surfing is basically looking over someone’s shoulder or spying in order to get the personal information of that person. The information could be the personal access number such as ATM pin number or account password or any other personal information of that electronic device user. Shoulder surfing can be done through direct observation technique as well as other vision-enhancing devices such as pinhole camera to capture the photo. This had gain popularity especially in a crowded places as it will be easy to pretend standing behind the victim and look over the shoulder of the victim. Also, it will be hard for the victim to realize in a crowded places or catch the spy as it often difficult to find prove to charge them. The shoulder-surfer can easily look over the shoulder using eyeballs to steal the victim personal information.

Source: https://en.wikipedia.org/wiki/Shoulder_surfing_(computer_security)