What Is Shoulder Surfing?

By Steve Symanovich, a Symantec employee

Shoulder surfing can lead to financial wipeout—yours.

What is shoulder surfing? Shoulder surfing occurs when someone watches over your shoulder to nab valuable information such as your password, ATM PIN, or credit card number, as you key it into an electronic device. When the snoop uses your information for financial gain, the activity becomes identity theft.

In this article, you’ll learn how shoulder surfers manage to steal information. You’ll also get tips on how to help keep yourself from becoming a victim.

Examples of shoulder surfing

It’s Friday afternoon. The only thing that stands between you and the weekend is a long line at the ATM. You wait. And wait. Finally, it’s your turn. You tap in your PIN as your bus home rumbles around the corner. You hit the key for “Quick $100,” grab your cash, and sprint to the bus stop. You made it! Later, you find out $400 more has been withdrawn from your bank account.

That person in line standing behind you—you probably didn’t notice if it was a man or a woman—happened to be a shoulder surfer. As you bolted for the bus, your ATM left a message on screen for you: “Would you like to make another transaction?”

What happened? That person who was next in line hit the “yes” key, entered your PIN, and stole your money.

It’s easy to fall victim to shoulder surfing. Often, it happens when you’re distracted or in a rush. There’s a good chance you might be in a crowded, public place.

And guess what? A thief engaging in this low-tech crime might not even have to peer over your shoulder. Binoculars or a cell phone video camera—or even a keen ear—can capture information needed to pierce your finances.

Here are three other ways shoulder surfers might strike:

  1. You’re at the airport, seated in a packed terminal awaiting your flight. Your kid calls you about something she wants to buy online. Mistake: You read your credit card number aloud to her.
  2. You kick back at a café for a cup of coffee and to pay your bills. You share a table, take a seat, and open your laptop. You log in to your bank with your user name and password and click on Bill Pay. Mistake: You’ve put key information in plain view.
  3. It’s your first day at work. You take your place in a sea of cubicles. You dive into your “paperwork,” signing up for employee benefits at your computer. You enter all sorts of personal information—your name, address, Social Security number, bank account, phone number. Mistake: Half a dozen coworkers can see what you’re doing.

7 tips to help prevent shoulder surfing

Shoulder surfers prowl the borders of your personal space. Their goal is to notice without being noticed. Here’s how to help thwart them:

  • Be aware of your surroundings. Watch for people and recording devices.

  • Sit with your back to the wall if you’re in a public place and entering personal or financial information into your computer or cellphone. Use a VPN if you do financial transactions on Wi-Fi.
  • Shield the keypad on the ATM when you enter your PIN.
  • Make sure your ATM transaction is complete and take your receipt.
  • Pick strong passwords so it’s hard for any observer to guess what you typed.
  • Attach a screen protector to your computer to obscure your screen from onlookers.
  • Lock your computer screen at work when you leave your desk.
  • Find a private place when you need to share financial information over the phone.

Practice smart habits and you can help prevent shoulder surfing from happening and leading to financial loss. Shoulder surfing is a dangerous sport, if you’re the victim.
