Shoulder Surfing: A Concise Guide In 3 Easy Points


Shoulder surfing is a term might for the criminal practice used by thieves to steal personal through improved spying techniques as one uses electronic devices, an ATM, laptop, public kiosk or such. The risk of personal data in a thief’s hand could mean a total financial loss, wrongful use of data captured for criminal activities, loss of identity and more. Thus what started in the pay-phone days and using the phone-card numbers to make telephone calls, graduated to use of ATM PINs wrongly gathered to use debit, credit and gift cards to make purchases, buy gas, or steal from gullible people in what is known as a shoulder surfing attack.

In this article let us look at:

  1. When can it happen?
  2. Consequences of Shoulder Surfing
  3. Steps for Preventing Shoulder Surfing

1. When can it happen?

Shoulder surfing occurs when one uses public places and shares personal details. It could be at pads for PINs, kiosks, ATMs when laptops/ smartphones are used when entering in data that is personal. The thieves are smart and not noticeable, as they can also be found at the lounges in an airport, bar, restaurant, bus, subway, train etc., and use innovative shoulder surfing examples and means to capture data. For Ex: miniature cameras, binoculars, phone cameras etc. Technology is so advanced that they skim the PINs at a shoulder surfing ATM using electronic keypads, eavesdrop on conversations, and fool people into revealing the SSNs or OTPs and more.

2. Consequences of Shoulder Surfing

Shoulder surfing can empty one’s account, place one’s details for criminal activities, steal identities, hijack accounts and more. It mostly happens because many people use the same passwords for multiple accounts. For Ex: One may use Instagram, internet banking and other accounts on a common password that contains the date of birth, middle names etc.

When a shoulder surfer can capture the password for one account logged into at the subway, for example, one compromises all accounts! The thieves can record finger movements when using the ATM from a distance of 10 feet! Some people write their passwords down and store them on phones or in their purses! One indiscretion is all that is needed for thieves to get the account password and empty the bank account, steal personal information and compromise identities.

3. Steps for Preventing Shoulder Surfing

Here are some protective steps to use against the shoulder surfers.

  • Enter mobile PIN or passwords with a wall as the backdrop. Use the body to shield one’s hand movements when entering PINs at ATMs. Also, get a good privacy protector for the smartphone, tablet or laptop to prevent others from seeing the account one is logging into.
  • Never use the same password or repeat passwords. According to the Harris Poll, about 66% of the American population found they used the same or repeated passwords for multiple accounts. 
  • One can use a random password generator or a graphical password to avoid shoulder surfing and deter fraudsters. These devices use a secure and random sequence of letters and numbers to log one into an account and work on a master password that also needs superb protection.
  • Technological advancements, like facial recognition, retinal scans, fingerprint scans or patterns, cannot be easily replicated. Hence one can use these features instead of PIN typing. Many apps offer contactless payments to prevent card skimming by shoulder surfers.
  • Never use the hacking vulnerable public hotspots or Wifi to log in to online shopping or sensitive accounts.
  • Try using a 2 or 3-step authentication process like bank accounts to which they send an OTP for a limited time. This delays the log-in with compromised accounts.
  • Be alert to foul-play signs, small transactions that are not made by one, unrecognized transactions in the bank statement etc, as the earlier one catches on to it, the better one can protect oneself from fraudulent transactions, identity theft etc. Also, remove rarely used saved payment transactions.
  • Use Experian (free of cost) to monitor credit scores regularly to stay ahead of shoulder surfers. Ensure any transaction on financial accounts is sent in as an alert. If, by chance, one falls into the trap, report the matter immediately to the credit authorities like Equifax, Experian, or TransUnion, who place fraud alerts on the accounts.


The risks of shoulder surfing by hackers and thieves are ever-present and very real in today’s technologically enabled world. It can happen with or without one’s knowledge and across devices like computers, phones, smartphones, laptops, etc. used in public places or without being aware and protected. The above article discusses some common ways of avoiding shoulder surfing, preventing shoulder-surfers from getting one’s personal information, what to do in case one falls into a fraud trap, and the method commonly used by shoulder surfers. Being aware and careful is the best way to counter hacking and frauds. Shoulder surfing prevention is always and has always been the best cure to shoulder surfing.

So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give you an edge in this competitive world.



Related Articles

Please wait while your application is being created.
Request Callback