Explore how shoulder surfing attacks occur when malicious actors visually observe screens, keyboards, or devices to steal passwords, PINs, and sensitive data. This tag covers real-world scenarios, prevention techniques, and privacy tools that help individuals and organizations defend against this low-tech but highly effective social engineering threat.
posts
In 2023, a Ponemon Institute study sponsored by 3M found that 91% of visual hacking attempts — someone simply looking at a screen — were successful. No malware. No zero-day exploit. No phishing email. Just a person standing in the right place at the right time, reading credentials off someone else'
A $10 Pair of Binoculars Can Beat Your $10 Million Security Budget In 2018, a researcher at a security conference demonstrated how he captured over 100 passwords simply by watching people type at airport gates and coffee shops over a two-week period. No malware. No phishing emails. No zero-day exploits.
A former employee at a financial services firm in Chicago watched his coworker type her password every morning for two weeks. He memorized it character by character. After he was terminated for performance issues, he used those stolen credentials to access the company's client database from a public
A few years ago, a journalist filmed himself reading credit card numbers, PINs, and passwords off the screens of commuters on a London train. No malware. No exploit kit. Just a pair of eyes and a decent camera phone. That's a shoulder surfing attack in its simplest form
