Key Takeaways
- Shoulder surfing, where someone literally looks over your shoulder to steal information, is a simple and easy way for criminals to get hold of your credentials.
- Criminals can target you at ATMs, shops, or when using your devices in public.
- Avoid shoulder surfing by staying alert, using strong passwords, and enabling 2FA to protect your accounts.
Shoulder surfing is a common way for criminals to get access to your accounts, whether it’s social media, your bank, or anything else. Let’s go over what it is, how it works, and how you can avoid falling victim to it.
What Is Shoulder Surfing?
Shoulder surfing is a catch-all phrase referring to any method used to obtain people’s data in public. It got the name since this usually takes the form of looking over somebody’s shoulder while they’re on their phone or laptop. However, it’s been expanded upon a bit and now refers to any form of data theft through direct observation, like listening in on a phone call.
It’s often used for cybercrime despite requiring little to no technology for the act itself, though you could enhance your senses with binoculars and a remote camera or microphone. Like most social engineering attacks, the goal is to get some information from a target that can be used later to gain access to accounts.
Examples of Shoulder Surfing
There are a lot of ways criminals can look over your proverbial shoulder and get their hands on that sensitive data. You’re probably now used to the warning on most ATMs and shop terminals that you should guard your PIN while entering it and make sure nobody is behind you sneaking a peek. After all, if they have the number and then pickpocket the card somehow, there’s nothing standing in their way to emptying your accounts.
There are more places you are vulnerable to shoulder surfing than the ATM or checkout counter. You’re also at risk when using your laptop in a public place, be it a coworking space, library, or coffee shop. An observant onlooker could figure out your password when you access your device, especially if they see you enter it multiple times.
Much the same goes for using your phone on the bus or train, say. If somebody is behind you, and you use a PIN or pattern to unlock your phone, they can see what you’re doing. If they ever get their hands on your device, they’ll have access.
Finally, you probably should avoid discussing personal details in public if at all possible, whether talking to another live person or on the phone. If you disclose personal information, anybody that overhears the conversation will now know it, too. For example, many government services will ask for your Social Security number (or its equivalent) and your date of birth to confirm your identity. Yell this out in a public place and dozens of people will be able to use this information if they want to.
How to Avoid Shoulder Surfing
Shoulder surfing can take many forms, but these criminals are always after the same thing, namely data that will give them access. The trick then is to make sure they don’t get it. Here are a few tips on how you can do that.
Be Aware
First and foremost, you need to be aware of what you’re doing in public. If you need to make an important phone call in which you’ll need to identify yourself, do it at home, not on a crowded bus. Make sure that when you enter your PIN or password, there isn’t somebody behind you looking on.
Even if you think you’re safe, it won’t hurt to cultivate the habit of covering what you’re doing as best you can. Hide the view of your keyboard or number pad with your body or even your hand. While you may not block it perfectly, every digit or character you deny to a potential spy can stymie their efforts.
The goal is not to live in a constant state of paranoia, furtively looking about to see if somebody is out to filch your data. The trick is to be self-aware and cultivate healthy habits that keep you safe, with a good dash of common sense thrown in.
Better Passwords
Speaking of common sense, you may also want to ditch the PINs, patterns, short passwords, and anything else that is making life easy for cybercriminals. In all these cases, I recommend you either use proper long passwords or go passwordless.
This is because PINs and patterns are easy to figure out. It’s much better to use something unique to you. I unlock my phone with a fingerprint, but you can also choose face ID or whatever else is available. To get access to my phone, you’d need to knock me out. That’s not impossible, but assault is a big step up from peeking over somebody’s shoulder.
For anything that doesn’t need quick access, you probably should get strong, long passwords. Though these are very hard to remember, you can use a password manager to store and autofill them. You unlock the password manager with an easy-to-remember passphrase or biometric method, and you get greater security and better ease of use, all at the same time.
Use 2FA
Even if you take all the precautions you can, there is always the chance that your codes or passwords will be discovered. To prevent someone from taking over your accounts even if they know your password, you need to set up two-factor authentication (2FA) on any account that supports it.
With 2FA, any sign-in attempt will be challenged to enter a code, usually sent to another device you own by text, email, or a special 2FA app like Authy or Google Authenticator. This adds an extra layer of security to passwords. 2FA can be a bit annoying, but you’ll be grateful if a shoulder surfer ever gets hold of your passwords.
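To see why an observed password, or even a glimpsed code, is not enough once 2FA is on, here is an added example (not part of the original article) of the time-based one-time password scheme from RFC 6238 that authenticator apps such as Google Authenticator implement. The Account class and the password are constructed for illustration, and the secret is the RFC's published test value.

```python
import hashlib
import hmac
import struct

STEP, DIGITS = 30, 6          # RFC 6238 defaults: 30-second codes, 6 digits

def totp(secret: bytes, now: int) -> str:
    """RFC 6238 code for the 30-second window containing `now` (Unix time)."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** DIGITS:0{DIGITS}d}"

def _kdf(password: str) -> bytes:
    # Constructed salt; a real service stores a random salt per user.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)

class Account:
    """Hypothetical server-side check: password AND a fresh, unused TOTP code."""
    def __init__(self, password: str, secret: bytes):
        self.pw_hash = _kdf(password)
        self.secret = secret
        self.last_counter = -1        # highest time window already accepted

    def login(self, password: str, code: str, now: int) -> bool:
        counter = now // STEP
        ok_pw = hmac.compare_digest(_kdf(password), self.pw_hash)
        ok_code = hmac.compare_digest(code, totp(self.secret, now))
        if not (ok_pw and ok_code) or counter <= self.last_counter:
            return False
        self.last_counter = counter   # burn this window so the code cannot be replayed
        return True

def demo() -> dict:
    secret = b"12345678901234567890"              # RFC 6238 test secret
    pw = "correct horse battery"                  # constructed password
    acct = Account(pw, secret)
    seen = totp(secret, 1111111089)               # code an onlooker reads off the screen
    return {
        "owner_logs_in": acct.login(pw, seen, 1111111089),
        "replay_same_window": acct.login(pw, seen, 1111111109),
        "replay_next_window": acct.login(pw, seen, 1111111111),
        "password_only": acct.login(pw, "", 1111111111),
    }

if __name__ == "__main__":
    print(demo())
```

Only the first login succeeds: the server refuses a second use of the same time window, the code no longer matches once the window rolls over, and the password alone is never sufficient.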
Can You Avoid Shoulder Surfing?
In the end, there’s no way to prevent people from taking a peek over your shoulder. A determined shoulder surfer has more experience at it than you do at avoiding it. What you can do is minimize the information they can glean and make sure that, even if they have it, they can’t do too much damage.
All the above tips are easy to implement and will make you a lot safer immediately. They will also prevent other types of cybercrime besides shoulder surfing. On top of that, the best password managers also make surfing a lot more convenient with autofill. You won’t just be safer, you’ll also enjoy your time online more.