What Is Shoulder Surfing?

Shoulder surfing is a technique where an attacker obtains sensitive information by directly observing someone’s screen or keyboard. This can be done either in-person or through the use of technology, such as cameras or recording devices. Targets of shoulder surfing attacks can range from individuals entering their PIN at an ATM to employees accessing confidential data on their work computers.

Where Do Shoulder Surfing Attacks Happen?

Shoulder surfing attacks can occur in various locations, both in-person and online. Public places, such as coffee shops, libraries, and public transportation, are common spots for these attacks. Workspaces, including offices and shared workspaces, can also be targets due to the concentration of sensitive information. Online platforms like social media, video calls, and forums can expose users to shoulder surfing, as attackers may observe or record screens without their knowledge.

What Are the Consequences of Shoulder Surfing?

The consequences of shoulder surfing can be severe and far-reaching. Identity theft is a major concern, as attackers can use stolen information to impersonate victims. Unauthorized access to personal information can lead to financial loss, reputation damage, and emotional distress. Victims may have to invest time, money, and energy into recovering from the attack and securing their personal information.

10 Ways to Protect Yourself Against Shoulder Surfing Attacks

  1. Be aware of your surroundings: Pay attention to the people around you and avoid using sensitive information in crowded areas.
  2. Passwordless authentication: This method removes the need for passwords, using alternatives like biometrics or hardware tokens, so there is no password for a shoulder surfer to observe.
  3. Use privacy screens: Attach a privacy screen to your devices, limiting the viewing angle and making it harder for others to see your screen.
  4. Adjust screen brightness and angle: Make it difficult for onlookers by reducing your screen brightness and positioning your device to minimize visibility.
  5. Position yourself strategically: Choose locations where your back is against a wall or otherwise obstructed from view.
  6. Use two-factor authentication (2FA): Adding an extra layer of security helps protect your accounts even if someone obtains your password.
  7. Regularly update your passwords: Change your passwords often and avoid using the same password across multiple accounts.
  8. Avoid using sensitive information in public: If possible, refrain from entering sensitive data, like passwords or credit card numbers, while in public spaces.
  9. Be cautious on social media and online forums: Be mindful of the information you share and consider the potential risks of shoulder surfing when participating in online discussions.

  10. Educate yourself and others about shoulder surfing: Stay informed about the latest security threats and share this knowledge with friends, family, and colleagues.
