Definition

shoulder surfing

What is shoulder surfing?

Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.

Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a pin at an ATM or pay for something using a credit card.

Shoulder surfing can also be done from a long distance with the aid of binoculars or other vision-enhancing devices.

Examples of shoulder surfing

There are several ways shoulder surfers can steal personal data.

methods used to steal credit card information
Like digging through someone's trash, shoulder surfing is a non-technical means of stealing information -- including credit card data -- from individuals.

One example of shoulder surfing is if an employee is talking about confidential business on their phone and a co-worker is sitting right next to them. That person would be able to see their screen and take notes.

The shoulder surfer wouldn't be able to do this if the other individual was standing in front of them or sitting behind them, but because the person is sitting down, it's possible for the co-worker to see what they're doing on their phone.

Here are a few other examples:

  • Sitting in a public place and paying a bill or making a purchase over a cellphone Reading your debit or credit card number or other sensitive data aloud would allow an eavesdropping shoulder surfer to overhear your conversation and potentially write down the sensitive information.
  • Sitting in a coffee shop next to someone and paying a bill or typing in a password. Someone sitting nearby could easily snoop and copy down the confidential data while looking over the victim's shoulder.
  • Furthermore, if the person is using a public wi-fi network, hackers can intercept private information shared over the network unless a VPN is utilized.
  • Filling out employee benefits information from a public work computer, where anyone walking by can see the screen, is another case where contact information or a social security number could be copied. This could result in identity theft.
preventing identify theft
Shoulder surfing can lead to identity theft, so taking measures to protect from it is important.

How to prevent shoulder surfing

To prevent shoulder surfing, experts recommend that people shield paperwork or their keypad from view by using their body or cupping their hand.

Here are a few other helpful tips to avoid being victimized by shoulder surfing:

  • Cover the ATM keypad when entering your PIN.
  • Use strong passwords, a single sign-on password manager, two-factor authentication or biometric authentication for an added layer of cybersecurity.
  • Don't verbalize sensitive information over a mobile device in public.
  • Use a screen protector for public computers or laptops.
  • Lock your devices whenever you leave them.
  • When entering data on a cellphone in a public place, sit with your back to the wall.
This was last updated in October 2021

Continue Reading About shoulder surfing

Dig Deeper on Threats and vulnerabilities

Networking
CIO
Enterprise Desktop
Cloud Computing
ComputerWeekly.com
Close