
Shoulder surfing (computer security)


In computer security, shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder. The attack can be performed either at close range, by directly looking over the victim's shoulder, or from a longer range, by using a pair of binoculars. Attackers do not need any technical skills to use this technique; keen observation of the victim's surroundings and typing pattern is sufficient. Crowded places are the more likely areas for an attacker to shoulder surf the victim. In the early 1980s, shoulder surfing was practiced near public pay phones to steal calling card digits, which were used to make long-distance calls or sold on the market at cheaper prices. However, the advent of modern-day technologies like hidden cameras and secret microphones makes shoulder surfing easier and gives the attacker more scope to perform long-range shoulder surfing. A hidden camera allows the attacker to capture the whole login process and other confidential data of the victim, which ultimately could lead to financial loss or identity theft.

Shoulder surfing is more likely to be performed in crowded places because it is easy to observe the information without drawing the victim's attention. Situations in which an attacker can easily shoulder surf the victim include: filling out a form (a bank withdrawal, deposit form or loan form); entering their PIN at an automated teller machine or at a POS terminal; using their telephone card at a public payphone; entering their password at a cybercafe, public and university libraries, or airport kiosks; entering their code for a rented locker in a public place such as a swimming pool or airport; and entering their PIN or password on their smartphone.


Wikipedia
