What is Shoulder Surfing? How do you prevent it?

Shoulder Surfing

Shoulder surfing is a cybersecurity threat that involves an attacker secretly observing sensitive information such as passwords, PINs, or confidential data by looking over the victim's shoulder. This low-tech form of cyberattack doesn't require sophisticated tools but relies on human carelessness and lack of awareness.

How Shoulder Surfing Works

Shoulder surfing typically occurs in crowded or public spaces where individuals are using devices or entering confidential information. Here's how it works:

The attacker positions themselves strategically to get a clear view of the victim's screen or keyboard.
They discreetly watch as the victim enters their password, PIN, or other sensitive information.
The attacker may use this information for malicious purposes, such as unauthorized access or identity theft.

Preventing Shoulder Surfing

Preventing shoulder surfing requires vigilance and awareness. Here are some tips to protect yourself:

Use privacy screens: Privacy screen protectors for laptops and smartphones can limit the viewing angle, making it difficult for others to see your screen.
Position yourself strategically: When entering sensitive information in public, stand or sit in a way that blocks the view of your screen or keyboard from prying eyes.
Use on-screen keyboards: Some devices offer on-screen keyboards that can obscure your key presses from onlookers.
Be aware of your surroundings: Stay alert in public places and watch for anyone who seems overly interested in your screen or actions.
Use two-factor authentication (2FA): Enable 2FA wherever possible to add an extra layer of security even if your password is compromised.

Example of a Shoulder Surfing Attack

Let's walk through an example of how a shoulder surfing attack might occur:

Alice is at an airport and needs to access her bank account to check her balance. She goes to an empty corner of the terminal and takes out her smartphone to log in. Unbeknownst to Alice, Bob, an attacker, notices her from a distance.

Bob discreetly moves closer, positioning himself behind Alice so that he can see her screen. As Alice enters her PIN, Bob watches and memorizes it. With this information, Bob can later access Alice's bank account and potentially steal her money.