Shoulder Surfing Definition

KZero Staff
Oct 18, 2023

Shoulder surfing, as its name suggests, is a socially engineered attack where an attacker looks over their victim’s shoulder to obtain sensitive information without authorization. Shoulder surfing is a simple yet effective way to steal personal data, as it does not require sophisticated tactics or technological prowess.

Examples of Shoulder Surfing

Shoulder surfing is looking over someone’s shoulder to get information without the victim’s knowledge. Below are some examples of shoulder surfing.

  • Passwords: A stranger may look your shoulder to steal a password while you’re working at a cafe on your laptop.
  • Banking information: At an ATM, a person standing behind you watches as you enter your PIN and notes the money in your account.
  • Confidential data: While on an important business call in an airport, an individual listens to your conversation and can gather personal data about your clients.

Consequences of Shoulder Surfing

It is easy to overlook how a simple task such as having a phone conversation in public or putting your PIN into an ATM can put your personal information at risk. Falling victim to shoulder surfing can have grave consequences.

  • Identity theft
  • Financial loss
  • Reputational damage
  • Business and personal damage

Ways to Avoid Shoulder Surfing

As noted, shoulder surfing is a simple and unsophisticated social engineering attack that can expose sensitive data. It does not take a mastermind cybercriminal to shoulder surf. Here are some tips to avoid falling victim to shoulder surfing.

  • Be mindful of your phone conversations and aware of your surroundings. It may be easy to forget that anyone can easily listen to your private conversations, especially in public spaces.
  • Avoid using public computers or connecting to public networks. Using public computers is risky because they may not have the latest software updates, which leads to computer viruses. Using public, unsecured networks may also place your data at risk.
  • Safeguard your information while out in public. Cover your hand when inputting PINs or passwords. You can also use a privacy screen for your laptop or desktop, which will make it challenging to have your information compromised.
  • Use strong and unique passwords along with multi-factor authentication.
KZero Staff

Explore more insightful content from the knowledgeable KZero staff on our blog and guides section.

Glossary Terms

Stay up to date with the most recent #infosec topics

Trending Topics

Interested In
Next-Gen MFA?

Discover Multi-Pass enterprise passwordless authentication

Share the page: