Shoulder surfing is a social engineering technique in which an attacker obtains sensitive information such as personal identification numbers (PINs), passwords, credit card numbers, or other confidential data by directly observing a victim's actions. This often involves looking over someone's shoulder while they enter information on a device such as an ATM, smartphone, or computer, but it can also be done from a distance using binoculars or cameras. The attack is common in crowded or public places such as coffee shops, public transport, or workplaces, where it is easier for the attacker to observe without being noticed. The attacker may watch keystrokes or finger movements, read what is displayed on the screen, or listen to sensitive information being spoken aloud. Shoulder surfing requires no technical skills, just keen observation, and can lead to serious consequences such as identity theft, financial loss, or unauthorized access to accounts.
. To prevent shoulder surfing, common recommendations include:
- Shielding keypads or screens with your body or hand when entering sensitive data
- Sitting with your back against a wall in public spaces
- Using strong passwords together with two-factor authentication or biometric authentication, so that a password or PIN captured by observation is not enough on its own to access the account
- Avoiding verbalizing sensitive information in public
- Using privacy screen filters that narrow the viewing angle, and locking devices whenever they are left unattended
In essence, shoulder surfing is a low-tech but effective method of stealing private information by visually spying on someone’s input or screen in public or semi-public environments.