Shoulder surfing is an identity theft practice in which someone tries to steal confidential information by spying over their target’s shoulder. The objective of shoulder surfing is to steal sensitive information such as passwords, credit card numbers or personal identification numbers (PINs) that can later be used to access accounts for financial gain.
How Does Shoulder Surfing Happen?
Shoulder surfing happens to a substantial number of people, even if it’s not for malicious purposes. A recent study from NYU found that 73% of survey respondents indicated they had seen someone else’s confidential PIN without them knowing. Shoulder surfing can happen anywhere, especially at ATMs and kiosks. It can also occur when you enter sensitive information on your smart devices in a coffee shop or at an airport.
Here are the most common scenarios when shoulder surfing may occur:
- You enter your username and password when logging onto a banking app or website on your laptop or mobile device.
- You use your debit or credit card to pay for an in-store transaction.
- You provide personal details in person or over the phone.
- You enter your PIN at an ATM or a cash point.
- You access business systems or accounts from public locations.
Apart from spying over your shoulder, shoulder surfing is also possible through digital cameras, which let cybercriminals keep an eye on targets from a distance. After successfully obtaining confidential information such as your PIN, password or Social Security number, thieves can misuse this data to make purchases or withdraw money from your account.
One of the most common examples of shoulder surfing involves ATMs. After you complete a transaction, the ATM screen asks if you want another transaction. If so, you only need to enter your PIN to continue. However, many customers walk away from the pop-up screen without canceling, allowing anyone who saw their PIN to continue with the session before the pop-up disappears.
Tips to Help Prevent Shoulder Surfing
When you type a password, enter a PIN at an ATM or provide personal information while filling out a form, thieves can try to steal this information for financial gain. As technology advances, it has become easier for them to secretly record videos or take pictures of your credit cards.
Victims are usually unaware they’re being observed or recorded because criminals appear to be talking or texting on the phone. In order to help protect yourself from shoulder surfing, you have to take precautions while disclosing sensitive information in public areas.
Here are some tips to help protect yourself against shoulder surfing.
Use your body to protect your screen
First of all, try not to enter sensitive information such as passwords and credit card details in public areas. If you must enter such information with people around, make sure to sit or stand with your back against the wall. If it is necessary to give details about sensitive data over the phone, go and find a place away from the crowd and shield your mouth with your hand while speaking.
For better protection, put a privacy screen protector on your mobile phone, tablet and laptop to help protect your sensitive information from prying eyes.
Avoid reusing passwords
According to Google, 52% of people use the same password for multiple accounts. The best practice, however, is to use different passwords and PINs for different online accounts to help avoid the possibility that someone can access all your accounts if one username/password pair gets compromised.
Consider using a password manager to help you generate unique and secure passwords for different accounts. If you do this, make sure to protect your master password.
Use two-factor authentication
Two-factor authentication helps protect your accounts because it requires you to prove your identity with two different authentication components. You can only log in to your account when you supply both factors correctly.
The two-factor authentication process is quite effective in online banking. The identification process is carried out through a combination of a password and PINs. The PIN is newly generated for each authentication process and expires after a few seconds.
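The sketch below is an added example, not part of the original article. It shows why a one-time PIN seen over someone's shoulder is of little use afterwards. It assumes the PIN is a time-based one-time password (TOTP, RFC 6238) with a 30-second window, which the article does not specify; the `OneTimePinVerifier` class and the test secret are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30      # assumed validity window in seconds (RFC 6238 default)
DIGITS = 6     # assumed PIN length


def totp(secret: bytes, now: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) computed over the current time-step counter."""
    counter = int(now // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OneTimePinVerifier:
    """Hypothetical server-side check: each time step's PIN is accepted at most once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used_counter = -1

    def verify(self, pin: str, now: float) -> bool:
        counter = int(now // STEP)
        if counter <= self.last_used_counter:
            return False  # PIN for this window was already consumed (replay)
        if not hmac.compare_digest(pin, totp(self.secret, now)):
            return False  # wrong PIN, or a PIN from an expired window
        self.last_used_counter = counter
        return True


def demo() -> dict:
    secret = b"12345678901234567890"  # constructed secret (the RFC 6238 test key)
    t0 = 59.0                         # constructed timestamp
    verifier = OneTimePinVerifier(secret)
    observed = totp(secret, t0)       # the PIN an onlooker saw on the owner's screen
    return {
        "owner_login": verifier.verify(observed, t0),
        "replay_same_window": verifier.verify(observed, t0 + 0.5),
        "replay_after_expiry": verifier.verify(observed, t0 + STEP),
    }


if __name__ == "__main__":
    print(demo())
```

The observed PIN is only one of the two factors, and once the owner has used it or the window has passed, the verifier rejects it.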
Log in with biometrics
You can also consider enabling biometric authentication for logging into your devices and online accounts. Biometric authentication replaces passwords with fingerprints or facial recognition for identity verification. Just keep in mind that your biometric data can also be subject to data breaches.
Use contactless payment methods
To protect yourself from shoulder surfing, try using contactless payment methods like Google Wallet and Apple Pay to pay for transactions. These methods do not require you to enter a PIN and help you stay protected from cybercriminals.
Avoid using public networks
Public Wi-Fi networks are always vulnerable to attacks. It’s never a good idea to use a public network or shared devices to log in to your personal or business accounts. Avoid using public networks, as hackers can easily intercept data in transit.
These networks are often unencrypted, and once they have been breached, cybercriminals can access confidential data, such as bank details, credit card information and passwords. If you have to log in to your accounts in public areas, make sure to use a VPN for extra security.
Monitor your credit regularly
Identity theft is not a technical skill that only cybercriminals use. Even low-tech thieves practice shoulder surfing. Monitoring your credit can help you spot identity theft and potential fraud. Personal information is everywhere, and cybercriminals are most effective when their targets are uninformed.
Identity theft and credit monitoring offer you insight into changes made to your credit report. Suspicious changes can indicate that your sensitive information may have been compromised, so it’s a good idea to keep an eye on your credit report regularly.