Tax Season Attacks – Part 3, Shoulder Surfing

In our last post we covered phishing scams against taxpayers. Now we will take a look at attackers who shoulder-surf taxpayers who are preparing their filings in public, hoping to read sensitive financial information that can be used later.

The Attack

Shoulder surfing certainly is not the most technical form of identity theft, but it has been an effective means to commit fraud. Shoulder surfing is the practice of looking over someone’s shoulder to get information. A casual glance from behind, or a quick look at paperwork on a desk, can be enough for an attacker to obtain passwords, credit card data, PINs, and other personal and financial data. It is low-tech, but it works.

Prevention

To prevent prying eyes from stealing personal financial information, people should only prepare tax documents in private places where they will not be shoulder-surfed, such as their home, or a private office. Attach a privacy screen to the computer monitor when preparing taxes, in order to prevent someone who enters the home or office from seeing data on the screen. When stepping away from a computer, someone filing taxes must either log out or lock their computer by pressing Win + L key combination on Windows OS and Control + Shift + Power/Eject on Mac.

Do not use public computers to file taxes. Public computers are more likely to be in places where people can shoulder-surf screens and papers. In addition, public computers may contain malware or keyloggers which may compromise tax data.

Physical security measures extend to paper documents, as well. Do not leave documents unattended unless they are stored securely. Store tax documents in solid folders and envelopes, and store them under lock and key.

Continue to part four: dumpster diving.