How Shoulder Surfing Threatens Your Security

The information provided on this website does not, and is not intended to, act as legal, financial or credit advice. See Lexington Law’s editorial disclosure for more information.

Shoulder surfing is the act of peering over someone’s shoulder while they’re entering personal information, like a PIN or password, in public, according to the U.S. Army Cyber Command. It’s a practice commonly used by identity thieves to ascertain login credentials that are then used for scams, fraud and other criminal activity.

Where Shoulder Surfing Occurs

The practice of shoulder surfing began with telephone booths as people would enter credit card information or their PINs on the keypad. It then spread to other areas with keypads, such as ATMs and gas pumps. 

Today, shoulder surfing is even more common due to the prevalence of smartphones, tablets and laptops. Identity thieves have mastered the art of subtle observation and keen listening, and they may even record people on a smartphone from a distance to review the footage later.

The fact is, shoulder surfing may occur anywhere groups of people are gathered. A 2016 survey found that 73 percent of mobile device users had observed someone else’s PIN, according to NYU Tandon School of Engineering, although malicious intent was not always indicated.

Shoulder surfers may obtain sensitive information when people are doing any of the following:

  • Filling out forms that require personal information—both paper and online
  • Keying in a PIN at an ATM, point-of-sale device or gas pump
  • Entering login information on a mobile device, laptop or tablet in public
  • Verbally disclosing credit card information over the phone

How Shoulder Surfing Can Affect Your Credit

In the world of credit, shoulder surfers may misuse your sensitive financial information to make purchases using your account. Depending on the amount of information gathered, they may even open a new account or take out a loan in your name. 

If an identity thief runs up your credit card or exceeds the limit before you can catch it, it may cause your credit utilization to surpass the recommended 30 percent, which may hurt your credit score. 

If the identity thief applies for new credit cards or loans, this would likely cause new hard inquiries to appear on your credit reports. If there are multiple hard inquiries within a short time period, your score could drop substantially.

If the criminal fails to make payments on your stolen credit account—which is likely—then your credit score could see a serious dip until you’re able to clean up your report.

How to Prevent Shoulder Surfing

Shoulder surfing is a unique threat, but it can be easily prevented with proper security measures. The majority of Americans don’t know they’ve been affected by a data breach, and many still make crucial financial security mistakes, so adequate awareness is key. Consider the following safety precautions to stave off sneaky shoulder surfers.

Avoid Transactions on Public Wi-Fi Networks

According to our financial security survey conducted earlier this year, 17 percent of Americans reported making a purchase on a public Wi-Fi network. While encryption has made public networks safer, online shopping is still not risk-free. Approximately five percent of the top 10,000 HTTPS websites have security flaws that make them vulnerable to criminal hacking. To be safe, any transactions in public should be made on a cellular data connection.

Cover Keypads and Touchscreens

Position yourself strategically when entering sensitive information. For example, if you’re in a high-traffic area like an airport, sit with your back to the wall to mitigate the possibility of someone peering over your shoulder. If you’re entering a PIN, cover the keypad with one hand while typing with the other. Additionally, consider a privacy screen filter for your computer or laptop, which prevents wandering eyes from reading your screen.

Create Strong PINs and Passwords

Use long PINs and passwords with a mix of uppercase and lowercase letters, numbers and symbols. Consider using a secure password manager that stores login information automatically, reducing the need for manual entry. Whenever possible, use biometric authentication like facial recognition or fingerprint readers. 

Don’t Disclose Personal Information Out Loud

Avoid over-the-phone transactions that require you to speak or enter account information in public. When asked to share your Social Security number or account number in public—like with a bank teller—write it down instead of saying it out loud. Then, ensure the paper is shredded immediately after use. If you’re ever suspicious of why you’re being asked for sensitive information, ask. It may not be necessary.

Consider Contactless Payment

Forms of contactless payment—most notably, Apple Pay, Android Pay and Google Pay—add another form of security to your transactions, because they don’t require you to enter a PIN or swipe a card. 

When it comes to avoiding identity theft and fraud, staying alert is crucial. If you suspect you may have fallen victim to shoulder surfing, first check your bank statements for any unusual activity. You may also want to review your credit report for any inaccurate information, which may negatively impact your credit score—even if it wasn’t your fault.

Reviewed by Cynthia Thaxton, Lexington Law Firm Attorney. Written by Lexington Law.

Cynthia Thaxton has been with Lexington Law Firm since 2014. She attended The College of William and Mary in Williamsburg, Virginia where she graduated summa cum laude with a degree in International Relations and a minor in Arabic. Cynthia then attended law school at George Mason University School of Law, where she served as Senior Articles Editor of the George Mason Law Review and graduated cum laude. Cynthia is licensed to practice law in Utah and North Carolina.

Note: Articles have only been reviewed by the indicated attorney, not written by them. The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, reviewers, contributors, contributing firms, or their respective agents or employers.