Shoulder Surfing

Shoulder surfing is a low-tech but effective form of information theft in which an attacker directly observes someone entering sensitive information — a PIN at an ATM or point-of-sale terminal, a password on a laptop in a coffee shop, a phone unlock pattern, or a social security number on a form. The attacker may be standing immediately behind the target or watching from a greater distance using magnification.

The technique requires no technology and leaves no digital trace, making it difficult to detect or prosecute. It is particularly prevalent in crowded urban environments: public transport, ATM queues, airports, libraries, and cafés are all common venues. In organised fraud, shoulder surfing may be paired with card trapping or cash trapping at ATMs to capture the full set of credentials needed for account access.

Protective habits include: always shielding the hand when entering a PIN; using a privacy screen on laptops and smartphones in public; being alert to people standing unusually close when accessing sensitive accounts; and choosing ATMs in well-lit, enclosed bank lobbies rather than exposed standalone machines.