ID Theft Resources

Police Departments Report Fresh Cases of Shoulder Surfing

Written by Jamie White for Symantec

Big data breaches at Anthem Blue Cross, Home Depot and Target have drawn our attention to cyber attacks, but it’s important to remember that identity theft can also be low tech — so you can’t let your guard down.

A good example is ‘shoulder surfing’ at ATMs, a crime in which a suspect watches over your shoulder as you punch in your PIN number.

There have been several recent instances in which police have issued warnings, announced arrests and even conducted sting operations:

  • Milpitas, Calif. – A bank employee noticed a woman watching ATM customers on Jan. 2, 2015. Police investigated and found that multiple customers had money taken from their accounts fraudulently.
  • Walnut Creek, Calif. – Police set up a sting operation to identify a suspect in several shoulder surfing thefts. On Jan. 25, 2015, 32-year-old Ayanna Bastain was observed acting suspiciously. According to a written statement, “Bastain was positively identified from surveillance photos from previous shoulder surfing thefts in Walnut Creek (in November and December 2014) and was arrested.”
  • Fremont, Calif. – On March 17-18, 2015, multiple people were victimized at two different locations.  Police are seeking more victims.

So if your bank card is securely in your hand or wallet, how can a thief steal money from your account? Some banks have a known weakness in ATM software. When customers complete their transactions the ATM screen asks if they have another transaction. If the answer is yes, the customer just needs to punch in the PIN to continue.

Unfortunately, some customers walk away with the prompt still on the screen. If the thief gets to the screen before the prompt disappears, the PIN stolen by shoulder surfing can be entered.

The Fremont Police Department issued these tips to avoid shoulder surfing:

  • Always make sure that you wait at the machine or check-out counter until your transaction is fully completed and closed.
  • Don’t proceed with your transaction if someone is standing unreasonably close to you.  ATM customers should always respect private personal space. 
  • Shield the pin pad by cupping your hand or using your body, if you believe someone is watching you.
  • If the ATM line is long and you feel something isn’t right, go inside to complete your transaction. 
  • Call police right away if you see anyone loitering or acting suspicious near an ATM. 
  • Always shred and properly dispose of your receipts.

This crime is considered identity theft because the crooks assume your identity as they access your account.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Start your protection,
enroll in minutes.