Estimated Reading Time: 4 Minutes
Although shoulder surfing may sound fun (especially as the summer months heat up!) it is a risk to your identity that you should avoid at all costs. With the total amount of fraud victims up 5 million from 2020 and the reductions to social distancing requirements, it is as important as ever to understand what shoulder surfing is so you can take steps to protect yourself.
What is Shoulder Surfing?
The term “shoulder surfing” refers to a criminal practice where thieves steal personally identifiable information (PII) from you by using direct observation and listening techniques without you even realizing it. Think of it like eavesdropping with intent – the intent to use information you share during the normal course of your day to steal your identity.
What Are Some Examples of Shoulder Surfing?
- You’re in the supermarket and a health care provider calls to make an intake appointment. You give your full name, date of birth, and address. Because you’re distracted by trying to get groceries, you quickly give the information without second thought. Beware: a person in the store may be shoulder surfing and has just heard your personally identifiable information so they can use it to sign up for new accounts on your behalf.
- You’re at the airport, waiting for your flight only to find out it has been delayed. You open your laptop and start to catch up on some “life admin” activities like paying a few bills. Beware: a person behind you may be shoulder surfing and collecting your username, password, and account information.
- You’re at a coffee shop waiting for your order when your kid calls and asks you if he can sign up for an upcoming activity. You quickly give him your credit card information as your name is called for your drink. Beware: there may be a person shoulder surfing in the coffee shop collecting information about you and other customers.
- You’re in line at the ATM on a busy afternoon to take out some cash for the weekend. You’re on the phone and distracted, so you hurry away without hitting all those extra buttons to finalize the transaction. Beware: the person behind you may be shoulder surfing and may either choose to extend your session to steal your financial information and/or withdraw more money without your permission. Worse yet, they may have seen your pin number and/or collected your receipt to conduct future fraud.
Why Does Shoulder Surfing Matter?
As the real life examples above show, it is easy to inadvertently become a victim of shoulder surfing. While one or two pieces of information may seem innocuous, shoulder surfers are expert at piecing things together. According to Javelin Strategy & Research’s 2022 Identity Fraud Study, in 2021, traditional identity fraud losses — those involving any use of a consumer’s personal information to achieve illicit financial gain — amounted to $24 billion (USD) and ensnared 15 million U.S. consumers. Shoulder surfing is a relatively easy way to gain PII that can later lead to full wipeout.
How Can You Protect Yourself from Shoulder Surfing?
With the odds of becoming a victim of identity theft being 1 in 20 a year, it is important to take as many steps — or strokes! — as you can to avoid shoulder surfing. Here are three simple tips you can take to help protect yourself from this crime:
- Always be aware of your surroundings. If someone appears to be lurking — and waiting for that perfect wave of information from you — they probably are. Don’t give them info to ride your wave!
- Sit with your back to the wall when you are using personal devices in public spaces. Use a screen shield to further protect wandering eyes from looking at your screens and consider using a VPN if you are doing financial and personal transactions on Wi-Fi. Device security is also key!
- Use strong passwords, always! Keeping your passwords unique and strong is one of the easiest ways to limit others from stealing your identity.
Complimentary IDRiskIQ™ Assesment
Now is a great time to review your own risk for identity theft and fraud by taking your complimentary IDRiskIQ™ assessment. IDRiskIQ evaluates individuals’ demographics, online behavioral attributes, and the devices they use to better assess their susceptibility to fraud. Once the assessment has been completed, you will receive your score along with immediate, personalized feedback on steps you can take to protect yourself against cybercrime and identity fraud.
Contact us to learn if your trusted cybersecurity provider, insurance carrier, and/or financial institution offers comprehensive identity protection services from Iris Powered by Generali.