Shoulder Surfing

Social Engineering • Sec+ Glossary • Security+

What is Shoulder Surfing?

Shoulder surfing is the act of directly observing a person as they type or read in order to capture sensitive information, such as passwords, PINs, screen content, or confidential documents, typically without the victim noticing.

Examples

  • A person standing nearby watches an employee type a building access code into a keypad.
  • An attacker in a coffee shop observes a victim entering banking credentials on a laptop.

Discover 🔎

Not every security failure involves malware, stolen files, or hacked systems. Sometimes the information is simply watched. A password typed in the open, a confidential email displayed on a train, or a PIN entered at a cash machine can all be exposed without any software exploit at all.

That is the risk behind shoulder surfing. The attacker gains information by seeing it directly. In many cases, the victim does not realize anything unusual has happened because nothing was broken, no warning appeared, and no system alert was triggered.

Remember: Shoulder surfing is a visibility problem. If sensitive information can be seen, it can be stolen without touching the device itself.

Summary 📝

Shoulder surfing is the theft of sensitive information through observation rather than technical compromise. It can expose passwords, PINs, screen content, and confidential business data in both public and workplace environments. The risk is reduced by combining user awareness with practical physical safeguards: privacy screens, positioning devices so that screens and keypads face away from onlookers, shielding a keypad while entering a PIN, and deferring sensitive tasks until they can be done away from exposed spaces.
