What is shoulder surfing?

D2 · Threats · CompTIA Security+ SY0-701

Shoulder surfing is a low-tech social engineering technique where an attacker observes a victim's screen, keyboard, or keypad to steal PINs, passwords, or sensitive information by looking over their shoulder.

It can be done in person (coffee shops, offices, public transport) or at a distance with cameras or binoculars.

Defenses: privacy screens (physical screen filters), positioning awareness (back to wall), screen lock policies, virtual keyboards for sensitive input.

Shoulder surfing is especially effective in crowded public spaces. Privacy screen filters reduce viewing angles, making screens unreadable from the side. ATM PIN pads often have physical shields. Remote shoulder surfing using zoom cameras is an advanced variant.
โ† Back to Glossary Practice Questions โ†’