Shoulder Surfing

Shoulder surfing is defined as the practice of spying on the user of a cash-dispensing machine or other electronic device in order to obtain their personal identification number or password.

Direct observation techniques can be used, which involve looking over someone's shoulder to obtain this type of information.

Shoulder surfing can be more achievable in crowded places, as it is easier to observe someone who is filling in a form or entering a PIN or passcode into their mobile phone.

This technique can also be used at a distance, as binoculars can be used or closed-circuit cameras can be concealed in buildings in order to gain access by observation of data entry.

The most common form of identity theft is the use of the victim's existing credit, bank or other account information.

It can also include opening new accounts in the victim’s name.

It is not usually until the payer defaults that the victim becomes aware of the fraud as they are then contacted by the collections department / agency.

According to the Federal Trade Commission (FTC), about three-fourths of identity theft victims report that the thief only misused their existing accounts.

One-fourth of the victims report that the thief opened up new accounts or committed other types of fraud with their own personal information.

The FTC states that credit card accounts are the most commonly misused existing account.

However, the use of wireless technology means that telephone accounts can also be accessed and misused.

A survey of IT professionals in a white paper[4] for Secure found that:

• 85% of those surveyed admitted to seeing sensitive information on screen that they were not authorized to see
• 82% admitted that it was possible information on their screens could have been viewed by unauthorized personnel
• 82% had little or no confidence that users in their organisation would protect their screen from being viewed by unauthorized people.

In order to prevent information from being obtained by shoulder surfing, the screen can be changed so that it is darker.

More simply, people can shield the keyboard with their other hand when entering data so that it cannot be readily seen.

There is a device called the Lebanese loop which is currently being used. It involves the perpetrator fitting a device on the ATM/cash machine so that it holds on to the card.

Whilst you go into the bank to try to sort out the issue, the perpetrator will have had access to the PIN you entered (by watching you on a fitted camera) and they are then able to obtain money from the account.

Try to avoid using ATMs on the main street and take money out from the ATMs situated inside the bank instead.

If you notice anything suspicious do not use the machine and inform the bank.

Consider how visible you may be on the main street to others.

This can include use of your mobile phone or tablet. Be aware of what is going on around you.
