Shoulder surfing: how it happens, and how to protect yourself

In the modern day and age, our data protection efforts are mainly focused on identity theft and other ways of stealing information online. However, there are simpler, yet often more dangerous practices that most of us overlook, and shoulder surfing is one of them.

It can be as simple as someone catching a glance of your credit card PIN at the ATM, or something far more advanced. Thankfully, there are proper protection steps you can take to avoid this.

Together with my team of experts at Cybernews, I’ve investigated the matter in more depth, looking for the most effective ways of protection. I’ll lay out our findings in this guide to give you the best advice.

What is shoulder surfing?

While the matter is pretty clear in terms of physical spying, the big question is: what is shoulder surfing in cybersecurity?

In this context, it’s digital shoulder surfing, which means that cybercriminals rely on video calls, screen-sharing apps, or other tools to steal your data.

They often use the latest smartphone models with advanced camera zooming capacity to spy on your details in the banking app. Video call shoulder surfing is another one of the most recent forms, where criminals take a peek at video calls and on-screen details in public.

Attackers might also use recording devices like cameras or magnifying tools like binoculars to spy on your sensitive details.

How a shoulder surfing attack works

While crafting this guide, I've looked at numerous shoulder surfing examples to see how it works in practice. Here is the breakdown based on the experiences of scam victims:

• Selecting targets. Criminals look for easy targets among people on their phones, especially if they appear to be sorting out financial transactions.
• Positioning. They usually get in line or stand right beside people close to ATMs or even those using the machines. They might sit next to you in an internet cafe, subway, or similar locations.
• Observing or recording. Moving on, they either use high-quality smartphone cameras to zoom in on the details or just observe and memorize.
• Using collected info. Once done, scammers obtain details by checking their recordings or attempt to use the data they got from simply observing.

Criminals often target busy areas where you wouldn’t even notice being watched, so make sure you're aware of your surroundings when conducting any financial transactions.

Protect My Accounts with Aura

When are you at risk of shoulder surfing?

You’re mainly at risk of a shoulder surfing attack when checking your banking details in crowded areas. Based on common reports, I’ve made a list of the most dangerous spaces:

• ATMs or self-checkout machines. Shoulder surfers commonly prey on someone’s information at ATMs. They often get in line right behind people, which allows them to spy on the PIN code. The same goes for self-checkout machines at grocery stores and shopping malls.
• Airports, cafes, or co-working spaces. They also target busy individuals who spend time on their mobile devices and laptops at airports or in cafes.
• Public transport and lines. It’s also common for scammers to spy on the personal information of people in buses, trains, and subways. Bank or post office lines are also among the most likely places where your information might be exposed.
• Shared offices or open-plan workspaces. While seemingly unassuming, workspaces and offices are also favorable for shoulder surfers. It would have to be someone within your corporate area, though, but you never know.
• When using mobile phones or laptops. Finally, people using their mobile phones and laptops in public in general make easy targets. It’s especially so for people logging into their banking accounts or checking other financial information on larger laptop screens.

Signs you’ve been a victim of shoulder surfing

Here are some of the most common signs you’ve been a target of such spying attempts:

• Unfamiliar or unauthorized transactions. You might get notifications of ATM withdrawals from places you haven’t been to or even money transfers that you haven’t authorized.
• Odd login notifications or password changes. If you receive a notification of a changed password or an unusual login attempt into your banking app, it’s a clear sign of shoulder surfing.
• Sudden changes in financial or social media accounts. You should also check for changed addresses, phone numbers, or security questions for account recovery.
• Suspicious activity linked to your personal data. Finally, you might receive reports from online data security tools about your personal information being misused on the internet.

What to do if you are affected by shoulder surfing

If you’ve fallen victim a shoulder surfing cybersecurity attack, don’t panic. There are still ways to maintain your online privacy and make things right by following these simple tips:

• Change all compromised passwords. Reset all passwords to banking apps or other accounts that you might have used in public. Make sure to pay extra attention to passwords you’re using for multiple accounts.
• Contact your bank or credit card provider. Get in touch with your banking institution or credit card issuer to report fraud. In case unauthorized transactions have already been performed, you can discuss disputing them to get your money refunded and order a new card with a different PIN.
• Freeze your credit or set up fraud alerts. To prevent the scam from harming your credit score, you can report the fraud to all three major bureaus and freeze your credit to prevent anyone from obtaining your credit report while your details are compromised.
• Monitor your identity for suspicious activities. Request annual credit reports or use the services of online ID protection tools like Coveron for breach alerts and privacy protection.
• Use identity protection services. Rely on some of the best identity theft protection services, as ranked by Cybernews experts. For instance, Aura is the best tool for real-time data protection and recovery assistance.

How to protect yourself from shoulder surfing attacks

The key takeaway is that you may prevent shoulder surfing if you follow a few helpful tips. Here’s how to stay safe:

• Use privacy screen protectors. For mobile devices, there are screen protectors that prevent anyone but you from seeing what’s on it, while a strategy you can use at the ATM is blocking the screen with your other hand while typing in the PIN.
• Be aware of your surroundings. Make sure to look around for suspicious activity whenever you’re entering sensitive data and information in public.
• Use biometric logins. Instead of relying on a PIN or a password, you should switch to biometric logins for a higher level of protection.
• Enable two-factor authentication. Make sure to always use 2FA, which helps in case someone truly gets a hold of your password.
• Avoid entering passwords in crowded or public spaces. Never enter sensitive passwords while on public Wi-Fi addresses or avoid doing so in crowded areas altogether.

I’d also recommend using tools like Aura and Coveron, just to be safe. The former handles real-time alerts and data monitoring with VPN access, while the latter helps with data breach detection, ID monitoring, and features family-wide coverage for an extremely affordable price.

Protect yourself from shoulder surfing attacks

In summary, the key to shoulder surfing protection is awareness. If you're mindful of your surroundings, you’ll be able to act on time and prevent anyone from seeing your personal details.

I’d also recommend checking out the complete Cybernews guide on using privacy tools like Coveron and Aura. If you’re looking for a safe online browsing assistant, learn more about Aura Identity Protection here. Or, explore Coveron for data breach safeguarding without breaking the bank.

FAQ