Shoulder Surfing
What is shoulder surfing?
Shoulder surfing is when individuals use direct observation techniques, such as looking over someone else’s shoulder whilst at an ATM, to get their personal or bank information.
How shoulder surfers get their information
Shoulder surfing can be an effective way for crooks to get personal information, especially in crowded places where it is easy to stand next to someone and watch as they:
- complete bank forms,
- enter passwords at public libraries, or in cybercafés,
- enter a code for a rental locker at a pool or airport,
- enter their PIN number at an ATM machine or in a shop, or
- give information out when using a calling card at a pay phone.
Scarily shoulder surfing can also be done across long distances thanks to binoculars or other vision-enhancing devices such as optical zoom cameras, or even in some extreme cases, drones.
Why shoulder surfing is becoming a bigger threat
Being in crowded, chaotic environments increases the risk of shoulder surfing, and as the world becomes busier, and more and more of our business is done online or via technology, we are exposing ourselves, and increasing the risk of becoming victims to shoulder surfers. Travellers are particularly vulnerable to shoulder surfing as they find themselves in busy environments frequently, and often give out information over the phone or online due to business demands and such like.
In addition to the common examples of shoulder surfing outlined above, as the world becomes more heavily reliant on technology, the risk of subversive shoulder surfing is increasing. For example, you can be at risk of shoulder surfing attack when:
- you enter personal information into your laptop, phone or tablet when sitting next to a stranger on the bus, train or in the library (they could be watching as you enter your details),
- when confirming a hotel reservation, or similar, with your credit card details, over the phone,
- also, when entering your credit card details into your personal device when completing an online transaction and people nearby are shooting a video (they could record your details).
How to prevent shoulder surfing
To prevent yourself from becoming the victim of shoulder surfers, always ensure that you are protective of your personal information. For example, make sure to shield paperwork as you complete it in crowded places, cover the keypad on an ATM machine when you enter your PIN by using your body or cupping your hand, and be aware of who is around you when you give any personal information out over the phone, or at a public desk. Other great ways of preventing shoulder surfing include:
- Sit in a quiet location, or with your back to the wall when filling in forms e.g. at the doctors surgery, or at the bank. If you feel particularly exposed, then you could even ask to complete the forms privately.
- Always be aware of your surrounds. Remember that in addition to people, cameras, phones and other recording devices are also possible ways that your personal information can be captured.
- Do not give your personal or card details out verbally e.g. on the phone or similar, when you are in a crowded or public space. Wait until you are home, or ask to send the details over another way in order to ensure that your details are kept private.
