What is Shoulder Surfing, And How Can It Cause Identity Theft?
Table of Contents
- By Emmett
- Mar 22, 2022
The FTC received 4.8 million identity theft reports in 2020 alone, an increase of 45% from the previous year. There are various ways cybercriminals can steal your identity, whether that be through malicious software, false websites, or other online scams. But what about those who steal your information right in front of you? With shoulder surfing, data theft can occur entirely offline, right under your nose.
What is Shoulder Surfing?
Shoulder surfing, like many methods of data or identity theft, involves stealing confidential credentials and information for online accounts. But unlike other forms of identity theft, shoulder surfing is done by simply being near a victim and watching or listening as they use sensitive information. This theft can occur any time you input or use account details in person, on a public network, or via a transaction.
How Does Shoulder Surfing Occur?
It may seem rudimentary, but shoulder surfing is a very real and easy way for criminals to get your information. This theft method can occur in numerous places, including:
- Using the computers at a public library.
- A store when using a debit or credit card.
- Using your laptop in a public area.
- Providing personal details over the phone.
Anytime you input account credentials or access private accounts in a public area, thieves could be nearby. For most instances of theft, you won't even know the person was there at all. Many criminals will observe their victims from a distance, obtaining the information they need and leaving before anyone is the wiser.
When was the last time you carefully studied a bank parking lot before accessing an ATM, looked around for cameras before filling out important paperwork, or checked to see if anyone was watching before swiping your credit card? That's how shoulder surfing happens, usually when you least expect it.
Here are three common scenarios that can expose you to shoulder surfing.
Getting Some Work Done In a Coffee Shop
You decide to do some work in your local coffee shop and bring your laptop to connect to their WiFi. You log in to their public network and take a moment to pay some bills online. Unfortunately, there are two ways shoulder surfers could get your information here. One, they could watch as you enter the information, writing it down without you noticing. Two, they could access your computer through that unencrypted public network. Either way, they now have your account details and can use them to engage in fraudulent activities.
Waiting at The Doctor's OfficeYou arrive early for an appointment and are sitting in the waiting room of your doctor's office. You get a call from one of your children, and they need to purchase something online for school. Without thinking, you read them your credit card information so they can make their purchase. Unfortunately, another person sitting in the waiting room hears this and can now use your information to use your credit card themselves.
Starting a New JobYou've just gotten a new job and are filling out the intake paperwork to start your employment. These documents require many different pieces of personal information, including your name, social security number, address, bank account for direct deposit, and phone number. You sit in a common area while filling out this paperwork, greeting your new coworkers as they pass by. Little do you know, they've seen all of the sensitive information on these forms and can now use them for whatever purpose they would like.
How Can I Prevent Shoulder Surfing?
Using your information in public can't be avoided; there are certain situations that require the input of sensitive data. What you can control are the actions you take to keep that data safe.
Here are a few tips you can use to keep yourself safe from scammers.
Check The Area Before Inputting Information
Whether you are at an ATM, on the phone, or putting in account details in a public area, make sure everything is safe. Look around for suspicious cameras, lingering onlookers, or anything else that may compromise your data. If you can, find a private place to put in any sensitive information, so you can make sure the only person who sees your accounts is you.
To help protect your accounts, you can set up multi-layered identity confirmation. Two-factor authentication involves two separate authentication processes, often asking for a password or PIN along with confirmation via phone or email. This extra account protection means that even if scammers get your password, they won't be able to log into your accounts.
Use Biometric Passwords
In addition to two-factor authentication, biometrics are an excellent way to secure your accounts with extra layers of security. For biometric authentication, your devices will require facial or fingerprint recognition to allow access.
Try Contactless Payment
One of the main ways shoulder surfers get your information is by watching you swipe a credit or debit card. You can eliminate this step by using contactless payment methods, which don't require a password or PIN for purchases. These include Android Pay, Apple Pay, and Google Wallet.
Don't Reuse Old Passwords
For many, remembering different passwords can be frustrating. But reusing old passwords can make it easier for scammers to find and access your accounts. You want to use unique PINs and passwords for each account, so it doesn't affect every other account if one gets compromised.
Don't Use Public Networks
If you access WiFi in a coffee shop, restaurant, or other public networks, these connections are rarely encrypted. Because of this, cybercriminals can easily access any data transferred over that network. If you use your computer to log in to any accounts, these same criminals may have access. If you must use a public network, make sure to use a VPN to encrypt your connection.
Monitor Your Data For Breaches
Credit and identity theft monitoring are great ways to ensure that your accounts have not been accessed. It isn't easy to know when your data has been breached without monitoring services and failing to notice a breach can result in damage to your credit score and other financial repercussions.
Shoulder Surfing Can Be Stopped With A Few Small Changes
Adjusting your behavior can be frustrating, but nothing is more frustrating than theft. Make sure that any time you are using sensitive information to check your surroundings. Secure your accounts, make sure to use reliable networks, and monitor your data for breaches. By taking these steps, you can keep yourself safe from shoulder surfing and digital fraud.