What is shoulder surfing? Warning issued about mobile phone fraud

Shoulder surfing is a tactic criminals use to access personal information (Robin Worrall)
Shoulder surfing is a tactic criminals use to access personal information (Robin Worrall)

A UK fraud officer has issued a warning about “shoulder surfing,” a tactic thieves use to access victims’ financial information before stealing their phones.

Detective Superintendent John Roch, head of economic crime at the Metropolitan Police in London, told the BBC that criminals were exploiting human behaviour to commit fraud.

He said: “It’s only a phone... but if you take that out without the right precautions and protections around it, you are essentially walking around with a bag of cash.”

So what is shoulder surfing and what steps can you take to protect yourself?

What is shoulder surfing?

Shoulder surfing is where thieves look over the victims’ shoulders to see them enter financial information on their phone, such as their PIN or bank details. It typically happens in public, crowded areas.

They then steal the phone and access the victim’s banking apps to steal money.

Shoulder surfing can also involve a thief looking over a person’s shoulder when they’re using an ATM, to gain access to information such as their PIN, before stealing their card.

Thieves may also watch victims enter their card information when shopping online, or look for people entering passwords on various sites.

Experian warns that shoulder surfing can even happen from afar, with thieves using cameras or binoculars to watch victims enter key information.

What is the impact of shoulder surfing?

Once thieves have access to your financial information, such as passwords or PINs, they can gain access to your banking apps and transfer money.

They could use your personal information to apply for loans or credit cards, or even sell your personal data to other criminals.

How to avoid being a victim of shoulder surfing

Be aware of your surroundings when entering personal information in public. Make sure your back is against a wall and that nobody can see your phone or laptop screen. Take extra care when using an ATM.

Use biometric data such as facial ID or fingerprints to avoid having to enter passwords in public. Using contactless payments where possible means you avoid using your PIN in public.

Use different passwords and PINs. If you use the same password for everything, thieves will be able to gain access to more of your personal data by learning only one password.

Regularly check your bank statements to keep an eye out for any suspicious activity. The sooner you spot fraudulent activity, the sooner you can go to your bank for help to prevent further damage.