How to protect yourself from “shoulder surfing”—the crime you never saw coming
Robert Siciliano November 15, 2018


You’re sitting in a coffee shop, enjoying your daily latte. Maybe you check your bank account on your phone, or sign into your mail app on your laptop. Do you ever think about shoulder surfing?

We know that connecting to public WiFi is risky; after all, that’s why we created Hotspot Shield—to encrypt your data and eliminate the risk of having your sensitive information stolen by a cybercriminal connected to the same, unsecured WiFi network. But we seldom think of the person sitting at the adjacent table.

What is “shoulder surfing”

Shoulder surfing is where cybercriminals steal personal information by watching, recording, listening, and in some cases, hacking people when they use ATMs, smartphones, tablets, and other electronics. As the term suggests, these cyberthieves are looking over the shoulder of their victims and then using that information to hack into their accounts. Any time you use an ATM, or use your credit card at a gas station, or even buy groceries with a debit card, you are at risk of becoming a victim.

Shoulder surfing consequences

If you become a victim of shoulder surfing or web sniffing, you could be putting personal information at risk including:

  • Social Security numbers
  • Passwords
  • PINs
  • Account numbers

Once criminals have this information, they can open new accounts, steal your identity, or straight up take your money.

How to protect yourself from shoulder surfing

Here are some steps you can take to protect yourself from shoulder surfing:

Step 1: Keep all account numbers on file and make sure you register your phone number with your bank, so they have it on file. This way they can authenticate you when necessary.

Step 2: Don’t say your Social Security number or birthdate out loud. If you are asked for it, such as at a doctor’s office, write it on a piece of paper and pass it over. Then ask that they shred it and watch them do it.

Step 3: When working online, use a password manager. It will save hard-to-remember passwords for you.

Step 4: Protect your PINs. Shield the keypad when typing one in. If you can, change your PIN a few times a year on every account.

Step 5: Always assume you are on camera. Cover up your phone screen when doing banking out in public to avoid shoulder surfing.

Step 6: Consider contactless payment methods like Apple Pay and Google Wallet.

Step 7: Check card readers before putting your card in. If it feels loose, it might be a card skimmer.

Step 8: Don’t do any online banking or similar transactions on a public WiFi network.

Step 9: Use Hotspot Shield to encrypt your data on unsecured, free public WiFi.

Step 10: If you can, use biometric readers to unlock your phone, such as a fingerprint reader. If you have to use a passcode, make it at least six digits. This makes it harder for a thief to guess.

Step 11: Use two-factor authentication. This makes it more difficult for your data to be stolen.

Step 12: Sign up for identity theft protection. This product would alert you if there was any suspicious activity associated with your name or other information.

Keep in mind that computer hackers are not the only ones who commit crimes to steal your identity. There are plenty of people out there practicing low-tech methods, like shoulder surfing, to steal the personal information of others. When you stay vigilant, you can ensure that your data and identity remain safe.

About Robert Siciliano

Robert Siciliano is an Identity Theft expert consultant to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen.
