British news group says criminals can get client information by simply watching employees through windows.

British online daily The Telegraph yesterday said that banks in London’s Square Mile are very vulnerable to criminals looking for bank information.

How so? Their employees are working near spotless windows, making bank information they are handling at risk of being read by criminal ‘window-shoppers.’

photo courtesy of The Telegraph

Security experts call this ‘walk-by’ data theft. By just reading through clear windows, criminals can see log-in boxes, emails and other important information that is flashed on screen. Criminals with zoom lens can even fish for information at a distance to avoid raising suspicion.

Criminals who are able to do this successfully can replicate authentic employee emails and start scams.

Security firm AppRiver’s Senior Director of Technical Product Management David Liberatore said ‘Organisations exposing corporate information through an open window are perhaps more vulnerable than if they had a key logger installed at the back of the device.’

photo courtesy of The Telegraph

Liberatore warned that the window seat may seem simple and logical for the employee’s comfort. But organisations need to think about a better floor plan to prevent the leak of sensitive information. He added that banks should not only think about virtual security but physical security as well.

First Base Technologies Senior Penetration Tester and Technical Team Lead Mike McLaughlin said walk-by data attacks are rare. But criminals can find this technique a gold mine by picking up little pieces of information and patching them together.

He said ‘There are groups of criminals who hire people to go in as cleaners and plant bugs in buildings. People don’t look at the cleaners, they don’t even notice them, they’re just part and parcel of the business, so the amount of information a cleaner would have is scary if they put their mind to it.’

photo courtesy of The Telegraph

To prevent criminals from successfully penetrating organisations’ data, simple counter-actions like installing window screens can make a difference. But clients will continue to be exposed as long as their banks remain in the dark about this scheme.