What is shoulder surfing and how does it threaten your security?

The information provided on this website does not, and is not intended to, act as legal, financial or credit advice. See Lexington Law’s editorial disclosure for more information.

Shoulder surfing is the act of peering over someone’s shoulder while they’re entering personal information, like a PIN or password, in public. This allows thieves to commit criminal activity using your information.

You’re probably familiar with that suspicious feeling of someone looking over your shoulder. But you tell yourself there’s no harm in someone being a little nosy, right? Unfortunately, someone can tell a lot from looking over your shoulder—including your passcode, Social Security number and debit card PIN.

This practice of looking over someone’s shoulder to steal personal information is called shoulder surfing. Keep reading to learn more about how this happens and how to protect yourself from potential criminals.

What is shoulder surfing?

Shoulder surfing is the act of peering over someone’s shoulder while they’re entering personal information—like a PIN or password—in public. It’s a practice commonly used by identity thieves to ascertain login credentials that are then used for scams, fraud and other criminal activity.

The practice of shoulder surfing began with telephone booths as people would enter credit card information or their PINs on the keypad. It then spread to other areas with keypads, such as ATMs and gas pumps.

Today, shoulder surfing is even more common due to the prevalence of smartphones, tablets and laptops. Identity thieves have mastered the art of subtle observation and keen listening, and they may even record people on a smartphone from a distance to review the footage later.

The fact is, shoulder surfing may occur anywhere groups of people are gathered. An NYU Tandon School of Engineering survey found that 73 percent of mobile device users had observed someone else’s PIN—although malicious intent was not always indicated.

Examples of shoulder surfing attacks

Knowing which situations surfers take advantage of can help you stay vigilant and make safe decisions, whether you’re using mobile banking apps or trying to pay a bill over the phone.

Shoulder surfers may obtain sensitive information when people are doing any of the following:

  • Texting information or making purchases in a public space.
  • Entering login information on a mobile device, laptop or tablet in public.
  • Filling out forms that require personal information—both paper and online.
  • Connecting devices to free, unsecured Wi-Fi networks and logging into accounts.
  • Verbally disclosing credit card information over the phone.
  • Discussing personal information on the phone in public or making purchases over the phone.
  • Keying in a PIN at an ATM, point-of-sale device or gas pump.

How to prevent shoulder surfing

Shoulder surfing is a unique threat, but it can be easily prevented with proper security measures. Most Americans don’t know they’ve been affected by a data breach, and many still make crucial financial security mistakes, so adequate awareness is key. Consider the following safety precautions to stave off sneaky shoulder surfers.

Create strong PINs and passwords

Use long PINs and passwords with a mix of uppercase and lowercase letters, numbers and symbols. Consider using a secure password manager that stores login information automatically, reducing the need for manual entry. Whenever possible, use biometric authentication like facial recognition or fingerprint readers.

Cover keypads and touch screens

Position yourself strategically when entering sensitive information. For example, if you’re in a high-traffic area like an airport, sit with your back to the wall to mitigate the possibility of someone peering over your shoulder. If you’re entering a PIN, cover the keypad with one hand while typing with the other. Additionally, consider a privacy screen filter for your computer or laptop, which prevents wandering eyes from reading your screen.

Consider contactless payment

Forms of contactless payment—most notably, Apple Pay, Android Pay and Google Pay—add another form of security to your transactions because they don’t require you to enter a PIN or swipe a card.

Don’t disclose personal information out loud

Avoid over-the-phone transactions that require you to speak or enter account information in public. When asked to share your Social Security number or account number in public—like with a bank teller—write it down instead of saying it out loud. Then, ensure the paper is shredded immediately after use. If you’re ever suspicious of why you’re being asked for sensitive information, ask. It may not be necessary.

Enable two-factor authentication

Two-factor authentication (2FA) helps protect your accounts even if unauthorized users gain access to your password. Once you’ve enabled 2FA, the service sends a one-time code to you via text or email whenever someone tries to log in to your account. If someone gets the login information for your banking app, they’d also need access to your texts or email to log in.

Always enable this feature so you’ll know right away if someone else tries to access your accounts. If you ever receive a notification that someone is trying to log in, change your password immediately.
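
How the one-time code stops someone who only watched you type your password, shown as an added example that is not part of the original article. It is a toy login service in Python; the TwoFactorLogin class, its method names, the five-minute code lifetime and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300  # seconds a one-time code stays valid (assumed policy)


class TwoFactorLogin:
    """Toy login service: password check, then a one-time code sent out of band."""

    def __init__(self, username, password, clock=time.time):
        self.username = username
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.clock = clock
        self.pending = None   # (code, expiry) for the login in progress
        self.outbox = []      # stands in for the owner's text/email inbox

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def start_login(self, password):
        """Step 1: a correct password triggers a code sent to the account owner."""
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending = (code, self.clock() + CODE_TTL)
        # The owner receives this even when someone else typed the password.
        self.outbox.append(f"Login attempt on {self.username}. Code: {code}")
        return True

    def finish_login(self, code):
        """Step 2: the code must match and be unexpired; any try consumes it."""
        pending, self.pending = self.pending, None   # single use
        if pending is None:
            return False
        expected, expiry = pending
        fresh = self.clock() <= expiry
        return fresh and hmac.compare_digest(code.encode(), expected.encode())


if __name__ == "__main__":
    svc = TwoFactorLogin("alice", "Tr1cky-Pass!")   # constructed sample account
    print("password accepted:", svc.start_login("Tr1cky-Pass!"))
    print("owner is notified:", svc.outbox[-1].split(".")[0])
    real = svc.outbox[-1].split()[-1]
    guess = f"{(int(real) + 1) % 10**6:06d}"         # anything but the real code
    print("observer without the code:", svc.finish_login(guess))
```

Because each code is consumed on the first attempt and expires after a few minutes, a code glimpsed on your screen is useless once you have used it.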

Avoid transactions on public Wi-Fi networks

According to our millennial spending habits survey, 91 percent of millennials prefer shopping online. While encryption has made public networks safer, online shopping is still not risk-free. Approximately five percent of the top 10,000 HTTPS websites have security flaws that make them vulnerable to criminal hacking. To be safe, ensure any transactions you make in public are on a cellular data connection.

How shoulder surfing can affect your credit

Shoulder surfers may misuse your sensitive financial information to make purchases using your account. Depending on the amount of information gathered, they may even open a new account or take out a loan in your name.

If an identity thief runs up your credit card balance or exceeds the limit before you can catch it, it may cause your credit utilization to increase, which may hurt your credit.

If the identity thief applies for new credit cards or loans, this would likely cause new hard inquiries to appear on your credit reports. Your score could take a hit if there were multiple hard inquiries within a short period.

If the criminal fails to make payments on your stolen credit account—which is likely—then your credit could see a serious dip until you can clean up your report.

FAQ

Why is shoulder surfing a concern?

Shoulder surfing is a concern because most people won’t realize someone has their information or password. This means it could take longer for the victim to notice when the shoulder surfer gains access to their accounts or banking information.

Is shoulder surfing identity theft?

Shoulder surfing is a tactic identity thieves can use to get control of your accounts to steal your identity.

When it comes to avoiding identity theft and fraud, staying alert is crucial. If you suspect you have fallen victim to shoulder surfing, check your bank statements for any unusual activity. You may also want to review your credit report for any inaccurate information that could negatively impact your credit—even if it wasn’t your fault.

Lexington Law Firm can help you challenge questionable negative items on your credit report. Explore credit repair options to get your finances back on the right path.

Note: Articles have only been reviewed by the indicated attorney, not written by them. The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, reviewers, contributors, contributing firms, or their respective agents or employers.

Reviewed By

Candace Begody

Associate Attorney

Candace Begody was an Associate Attorney at Lexington Law. Ms. Begody was born and raised in Arizona. She earned her juris doctor from Arizona State University's Sandra Day O'Connor College of Law and her master's in business from the W.P. Carey School of Business, also at ASU. Ms. Begody joined Lexington Law in 2022. Prior to that, she worked in transactional and business law in the Phoenix area. Ms. Begody is licensed to practice law in Arizona and was located in the Phoenix office.