An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public
area overlooking several Automatic Teller Machines (ATMs). It is also believed that user accounts belonging to
ATM operators may have been compromised. Which of the following attacks has MOST likely taken place?
The CCTV camera has recorded people entering their PINs in the ATMs. This is known as shoulder surfing.
Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to get
information. Shoulder surfing is an effective way to get information in crowded places because it’s relatively
easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or
use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of
binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield
paperwork or your keypad from view by using your body or cupping your hand.