Shoulder surfing is a security attack carried out by observing a victim as they enter a PIN, fill out a form, or perform another activity that exposes their confidential information. A shoulder surfer may observe a victim by looking over their shoulder, taking pictures, or using binoculars from a distance. For example, credit card fraud is usually started by taking a picture of a victim’s credit/debit card as they stand in line at a store and then using the numbers on the card to make purchases over the phone and on the Internet.

How Shoulder Surfing Works

Shoulder surfing is often used because it is easy and effective. While some people heed the warnings of security professionals by cupping their hand as they enter PINs or using their body to block potential observers from seeing their confidential information, most people are much less careful and often expose their information without thinking about it. Even those who are careful, however, can still fall victim to shoulder surfing if the shoulder surfer uses binoculars, cameras, or some other form of technology that allows them to observe the victim from above or from an angle that the victim doesn’t expect anyone to be looking from.

Applications

Shoulder surfing can be used to obtain a wide variety of confidential information, such as usernames, passwords, PINs, credit card numbers, phone numbers, social security card numbers, and much more. It can also be used to obtain other information about a victim, such as their address, full name, birth date, or any other information that an observer may want in order to steal a victim’s identity or money.