ELI5: What is Shoulder Surfing?
Someone peeks over your shoulder while you type your password or PIN. No fancy hacking needed — they just watch you with their own eyes (or a camera from across the room).
Definition
Shoulder surfing is a physical attack technique where an attacker observes a target entering sensitive information—such as a password, PIN, credit card number, or confidential data—by looking over their shoulder or from a nearby vantage point. It can be performed in person or using binoculars or cameras from a greater distance. It is one of the simplest attacks because it requires no technical knowledge.
Key Details
- High-risk environments: ATM machines, public computers, open office spaces, cafes and airports, public transit.
- Can be performed from significant distances using cameras or binoculars—line-of-sight attacks not always close-range.
- Countermeasures: Privacy screens (micro-louver technology restricts viewing angle), physical awareness (positioning to block view), password masking (show dots instead of characters), screen orientation (facing away from public spaces).
- Also applies to reading documents, screens showing sensitive data, or listening to confidential phone calls.
- A social engineering adjacent technique—no interaction with the victim required.
Connections
- Parent: password-attacks — a physical technique to capture passwords
- See also: screen-filtersprivacy-screens