Shoulder surfing is an identity theft practice where someone tries to steal confidential information by spying over their target’s shoulder. The objective of shoulder surfing is to steal sensitive information such as passwords, credit card numbers, or personal identification numbers (PINs) that can later be used to access the victim’s accounts.

When Does Shoulder Surfing Happen?

Shoulder surfing happens to many people even if it’s not for malicious purposes. For example, a recent study from NYU found that 73% of survey respondents indicated they had seen someone else’s confidential PIN without them knowing.

Here are the most common scenarios when shoulder surfing may occur:

  • You enter your username and password when logging onto a banking app or website on your laptop or smartphone. For example, you’re at a coffee house waiting for your coffee. To pass the time, you decided to log into your bank account. Unfortunately, you don’t realize that a person near you has a great view of you entering your login information. Later this person attempts your login and successfully gains access to your bank account.
  • Using your debit or credit card to pay for an in-store transaction. For example, you’re at the supermarket and swipe your card, and enter your PIN into the card reader. But little do you know, the person beside you, next in line, is pretending to be on his phone. He is actually recording your transaction! Eventually, this person will figure out your card information and use it to their advantage.
  • Providing personal details in person or via phone call. Let’s say you’re having lunch with a friend, and suddenly, your phone rings. It’s your mom. She asks for your Netflix login, and without hesitation, you disclose your login information over the phone. While you may feel safe, someone near you hears your conversation and writes down your login information. Unfortunately, your Netflix login is the same as your email account. This stranger manages to gain access to two accounts.
  • Entering your PIN at an ATM or a cash point. Shoulder surfing often happens at ATMs. After completing a transaction, the ATM screen asks if you want another transaction. If so, you only need to enter your PIN to continue. However, many customers leave the pop-up screen without canceling, allowing anyone who saw your PIN to continue with the session before the pop-up disappears.
  • Accessing business systems or accounts from public locations. You decide to take your work outside the office. However, to do your work, you need to access sensitive accounts. So, you enter your username and password and carry on. But you failed to see the woman sitting a few seats away from you using binoculars to access your company’s accounts. Now your company’s accounts are at risk.

What are the Consequences of Shoulder Surfing?

Unfortunately, shoulder surfing can lead to you becoming a victim of identity theft, fraud, and even cause financial damage.

Here are some examples of the dangers of shoulder surfing.

  • The criminal can get your credit card information and make unauthorized purchases, leaving you in massive debt.
  • If the criminal gets a hold of your personal information, such as your Social Security number, they can take out new loans, apply for new credit cards and even apply for jobs in your name.
  • Lastly, they can negatively impact your credit scores, making it difficult for you to get a mortgage, car loan, or even a job.

10 Ways to Protect Yourself Against Shoulder Surfing Attacks

To help protect yourself from shoulder surfing, you must take precautions while disclosing sensitive information in public areas.

Here are some tips to help protect yourself against shoulder surfing.

1. Use Your Body to Protect Your Screen.

First, avoid entering sensitive information such as passwords and credit card details in public areas. If you must enter such information with people around, sit or stand with your back against the wall.

If it is necessary to give details about sensitive data over the phone, go and find a place away from the crowd and shield your mouth with your hand while speaking. For better protection, put a privacy protector screen on your mobile phone, tablet, and laptop to help protect your sensitive information from spying eyes.

2. Avoid Reusing Passwords.

According to an online security survey by Google and Harrison Poll, 52% of people use the same password for multiple accounts. So, suppose a criminal gets hold of your username and password that’s used for multiple accounts. In that case, they can steal your personal information, money and ultimately gain control over the accounts. Therefore, use different passwords for different accounts and yourself the trouble.

3. Utilize a Secure Password Manager.

Consider using a password manager. Password managers help you generate complex, long, and complicated passwords to better protect your accounts from being compromised. Remember that if you do this, ensure to protect your master password.

4. Use Two-Factor Authentication

Two-factor authentication helps protect your accounts by requiring you to prove your identity with two different authentication components. Your account can only be logged in when you use both factors correctly.

The two-factor authentication process is quite effective in online banking. The identification process is carried out through a combination of a password and PINs. The PIN is newly generated for each authentication process and expires after a few seconds.

5. Log in with Biometrics.

You can also consider enabling biometric authentication for logging into your devices and online accounts. Biometric authentication replaces passwords with fingerprints or facial recognition for identity verification.

This particular security feature makes it difficult for hackers to access your accounts.

6. Use Contactless Payment Methods.

To protect yourself from shoulder surfing, try using contactless payment methods like Google Wallet and Apple Pay to pay for transactions. These methods do not require entering a PIN and help protect you from cybercriminals.

7. Avoid Using Public Networks.

Public Wi-Fi networks are always vulnerable to attacks. A weak Wi-Fi network only makes it easier for a shoulder surfer to watch you enter your login information.

If you have to log in to your accounts in a public area, make sure to use a VPN for extra security or utilize your phone’s hotspot. This will help to keep your connection secure from criminals.

8. Monitor Your Credit Regularly.

Identity theft is not a technical skill that only cybercriminals use. Low-tech thieves even practice the act of shoulder surfing. Monitoring your credit can help you spot identity theft and potential fraud.

Personal information is everywhere, and cyber criminals are most effective when their targets are uninformed. Credit monitoring offers insight into changes to your credit report.

Possible suspicious changes can indicate that your sensitive information may have been compromised, so it’s a good idea to check your credit report regularly.

9. Set Up Fraud Alerts.

If you sign up for an identity theft protection plan, then make sure to set up fraud alerts. These alerts can quickly stop a shoulder surfer from committing further financial damage in your name.

10. Choose an ATM in a Good Location.

Believe it or not, outside ATMs at your local gas station and supermarket aren’t as secure as your bank’s. ATMs in public areas can be easily tampered with and often have little to no security, making this an excellent opportunity for a successful shoulder surfing attack.

Consider going to your bank’s ATM. These machines are under 24 surveillance and usually have a security guard standing near them for your protection, making it difficult for a shoulder surfer to act.

Did a Shoulder Surfer Steal Your Identity?

If you’re a victim of a shoulder surfing attack, notify the Federal Trade Commission by visiting, where you can file a report. Also, consider filing a police report with local law enforcement.

Next, notify your bank. They will help you resolve the issue and possibly return your funds caused by the shoulder surfing attack.

Don’t forget to contact the three major credit bureaus and freeze your credit, so shoulder surfers can’t open any new accounts in your name.

If you need extra protection after a shoulder surfing incident, then get identity theft protection. A monitoring service, such as IdentityIQ, can provide the tools you need to protect your identity from criminals. Learn how IdentityIQ can protect you today!