ID Theft Resources

Share Article
14 September, 2017
3 Minutes

What Is Shoulder Surfing?


Steve Symanovich

Staff writer

+ More
Display image


Shoulder surfing can lead to financial wipeout—yours.

What is shoulder surfing? Shoulder surfing occurs when someone watches over your shoulder to nab valuable information such as your password, ATM PIN, or credit card number, as you key it into an electronic device. When the snoop uses your information for financial gain, the activity becomes identity theft.

In this article, you’ll learn how shoulder surfers manage to steal information. You’ll also get tips on how to help keep yourself from becoming a victim.

Examples of shoulder surfing

It’s Friday afternoon. The only thing that stands between you and the weekend is a long line at the ATM. You wait. And wait. Finally, it’s your turn. You tap in your PIN number as your bus home rumbles around the corner. You hit the key for “Quick $100,” grab your cash, and sprint to the bus stop. You made it! Later, you find out $400 more has been withdrawn from your bank account.

That person in line standing behind you—you probably didn’t notice if it was a man or a woman—happened to be a shoulder surfer. As you bolted for the bus, your ATM left a message on screen for you: “Would you like to make another transaction?”

What happened? That person who was next in line hit the key “yes,” entered your PIN number and stole your money.

It’s easy to fall victim to shoulder surfing. Often, it happens when you’re distracted or in a rush. There’s a good chance you might be in a crowded, public place.

And guess what? A thief engaging in this low-tech crime might not even have to peer over your shoulder. Binoculars or a cell phone video camera—or even a keen ear—can capture information needed to pierce your finances.

Here are three other ways shoulder surfers might strike:

  1. You’re at the airport, seated in a packed terminal awaiting your flight. Your kid calls you about something she wants to buy online. Mistake: You read to her your credit card number aloud.
  2. You kick back at a café for a cup of coffee and to pay your bills. You share a table, take a seat, and open your laptop. You log in to your bank with your user name and password and click on Bill Pay. Mistake: You’ve put key information in plain view.
  3. It’s your first day at work. You take your place in a sea of cubicles. You dive into your “paperwork,” signing up for employee benefits at your computer. You enter all sorts of personal information—your name, address, Social Security number, bank account, phone number. Mistake: Half a dozen coworkers can see what you’re doing.

7 tips to help prevent shoulder surfing

Shoulder surfers prowl the borders of your personal space. Their goal is to notice without being noticed. Here’s how to help thwart them:

  • Be aware of your surroundings. Watch for people and recording devices.

See also: Best ID Theft Prevention: Pay Attention

  • Sit with your back to the wall if you’re in a public place and entering personal or financial information into your computer or cellphone. Use VPN if you do financial transactions on Wi-Fi.
  • Shield the keypad on the ATM when you enter your PIN.
  • Make sure your ATM transaction is complete and take your receipt.
  • Pick strong passwords so it’s hard for any observer to guess what you typed.
  • Attach a screen protector on computers to obscure your screens.
  • Lock your computer screen at work when you leave your desk.
  • Find a private place when you need to share financial information over the phone.

Practice smart habits and you can help prevent shoulder surfing from happening and leading to financial loss. Shoulder surfing is a dangerous sport, if you’re the victim.

See also: How Long Does It Take to Recover From Identity Theft?

Get LifeLock Identity Theft Protection 30 DAYS FREE*

There's a victim of identity theft every 3 seconds.° LifeLock makes identity theft protection easy. Start your protection now.

It only takes minutes to enroll.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Dropbox Not Hacked, But Your Account May Have Been Compromised
Dropbox said no breach had happened on its servers. “Your stuff is safe. The usernames and passwords…were stolen from unrelated services, not Dropbox.
Read More
Can Your Identity Be Stolen With Only a Name and Address?
Stay informed about the latest identity theft news and stories about what law enforcement and elected officials are doing to protect consumers from becoming victims.
Read More
Child Identity Theft by a Parent: What You Need to Know
Stay informed about the latest identity theft news and stories about what law enforcement and elected officials are doing to protect consumers from becoming victims.
Read More
Debit vs. Credit Card ID Theft
Most credit card companies allow 90 days for a victim to report an unauthorized transaction, while banks generally require a two-day notice for unauthorized debit card purchases.
Read More

Start your protection,
enroll in minutes.

Get discounts, info, protection tips, and more

Sign up for promotional emails