What is shoulder surfing? Meaning, how to spot the signs and tips to stay safe on UK streets
Thieves frequently 'shoulder surf' their targets to catch them inputting their PIN before taking the phone
According to a senior UK fraud officer, criminals are becoming more sophisticated in their targeting of victims in order to access banking apps and other sensitive information on mobile devices.
Although these apps' technology is secure, Detective Superintendent John Roch says thieves are becoming more adept at taking advantage of people's behaviours.
Thieves frequently "shoulder surf" their targets to catch them inputting their PIN before taking the phone, a crime that can have an extremely high financial cost for the victim.
"It's only a phone... but if you take that out without the right precautions and protections around it you are essentially walking around with a bag of cash," he said. "If you start to think of it like that, would you walk into a bar, put it down and turn your back on it? Probably not."
What is shoulder surfing?
Shoulder surfing is a technique used by individuals to steal private information by covertly observing someone else's electronic device, such as a mobile phone or laptop, without their knowledge or consent. The term "shoulder surfing" refers to the act of looking over someone's shoulder to gain unauthorised access to sensitive or confidential information.
The process typically involves an attacker positioning themselves close enough to the target person to observe their actions on the device's screen or keypad. By doing so, they can gather valuable information like login credentials, PINs, credit card details, or any other sensitive data that the victim enters into their device.
An attacker could engage the victim in conversation while strategically positioning themselves to view the victim's mobile device screen. They might exploit the victim's distraction or trust to gain access to sensitive information.
In some cases, thieves may take advantage of distractions caused by shoulder surfing to snatch a mobile phone or other devices when the owner is momentarily unaware. This type of opportunistic theft can happen when the victim is preoccupied with protecting their information and not paying attention to the physical security of their device.
Shoulder surfing itself is not a specific offence in the UK. However, the actions taken as a result of shoulder surfing, such as using the obtained information for unauthorised purposes or engaging in identity theft, can be considered illegal under various laws, including the Computer Misuse Act, the Fraud Act and the Data Protection Act.
How can I stay safe?
To mitigate the risk of shoulder surfing and protect your private information, you should be aware of your surroundings, staying vigilant and mindful of people around you, particularly in public spaces or crowded areas where shoulder surfing is more likely to occur.
You could also use a privacy screen protector, a filter that limits the viewing angle and makes it harder for shoulder surfers to see your screen unless they are positioned directly in front of it. Failing this, shield your device by using your hand or body to block the view from prying eyes when entering passwords, PINs or any other sensitive information.
Two-factor authentication (2FA) can also add an extra layer of security to your accounts by requiring a secondary form of verification, such as a unique code sent to your mobile device, in addition to your password. It's also a good idea to use biometric authentication methods (such as fingerprint or facial recognition) if your device offers this.
It's also advisable to avoid accessing sensitive information or entering passwords when connected to public Wi-Fi networks, as they may be insecure and prone to eavesdropping.
While it may not always be easy to spot shoulder surfers, there are certain signs and behaviours that individuals can look out for to help identify potential perpetrators.
If someone stands or sits unusually close to you, especially in situations where there is ample personal space available, it could be a sign that they are trying to get a better view of your device's screen or keypad.
Likewise, if someone seems overly interested in your device or displays an unusual level of curiosity about what you are doing on it, it could be a red flag. They may be trying to observe your actions or gather information.