Is Shoulder Surfing a threat to Cybersecurity


For some of you, the phrase “Shoulder Surfing” might be new or you might assume it to be synonymous, but is not in practical.

What is Shoulder Surfing?

It is nothing but a threat actor trying to gain sensitive information by looking over the shoulder and checking out the screen, over-listening to a conversation or capturing key strokes, by using relative spying tools.

The hackers can steal sensitive details such as passwords, credit card numbers, OTPs, personal identification pins, usernames, and in some instances bank details from the relative banking app with the help of this technique, making it a genuine threat.

Where does Shoulder Surfing take place?

Such instances take place in crowded places, in malls, airports and other transit stations and in some cases at ATMs. They can sometimes steal information from an innocent victim using sophistication like binoculars, CCTV cameras, public wi-fi networks, and spy cams. Then they use the details to conduct data breaches, identity thefts, financial losses or such…

Why do the bad actors indulge in Shoulder Surfing?

Well, precisely speaking, not much effort is required to steal details in this tactic, linked to social engineering attacks. The hacker just needs to distract the mind of the victim and steal the data, and as it takes place within a short period, it can prove profitable.

How to stay safe from Shoulder Surfing?

It is simple, just be aware of what is lurking in the cyber landscape and act accordingly. Like keeping the device screen away from the attention of others, using a 14-16 character password that is a mixture of alphanumeric characters and 1-2 special characters, 2FA whenever we are accessing online accounts, avoiding public networks to access email and bank account services and instead use the hot-spot feature on a 5G or 4G mobile phone, never clicking on links sent by unknown senders via SMS, email or on social media accounts and last by following a basic cybersecurity hygiene.


Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display