Social engineering is a form of manipulation used by criminals to trick individuals into revealing confidential information. Rather than relying on technical hacking methods, social engineers exploit human behaviour to gain access to data, money or systems. According to the NHS Counter Fraud Authority, social engineering involves “manipulating people into giving away confidential information.”
At CEL Solicitors, we regularly support individuals who have been affected by social engineering scams. One lesser-known but increasingly common method is shouldering, also referred to as shoulder surfing.
Shouldering is a physical form of social engineering where an attacker observes someone entering sensitive information. This could be a password, PIN or account detail. It usually happens in public places like coffee shops, offices, trains or other public transport, or at cash machines. These are all environments where people might be distracted and unaware that they are being watched.
Understanding what shouldering is and how it fits into social engineering is essential for protecting your personal data. In today’s digital age, awareness of how criminals operate can help prevent serious financial and emotional harm.
How Shouldering Works
Shouldering typically involves an attacker positioning themselves where they can see a victim’s screen or keypad. For example, someone may casually stand behind you at a cash machine, watching as you type in your PIN. Alternatively, on a train or in a coffee shop, someone might observe you logging in to your online banking on your laptop or mobile phone.
These scenarios might seem harmless at first glance, but criminals are often subtle and skilled at blending in. They may pretend to be waiting in line or working on their own device while covertly stealing your information.
How Does Shouldering Fit into Social Engineering?
Shouldering is a form of physical social engineering. It exploits trust, distraction or a simple lack of awareness, rather than software vulnerabilities or sophisticated hacking tools.
It is often used alongside other tactics, such as phishing or celebrity impersonation scams. In these cases, attackers create believable scenarios to trick people into providing access to their accounts or devices.
In many situations, shoulder surfing can be the first step in a larger scam. For example, once an attacker has your PIN or password, they may wait for the opportunity to steal your phone or wallet, using your details to access your bank account and transfer money.
Real-life example: In the UK, organised criminal groups have been known to use shoulder surfing to watch individuals enter their PINs at cash machines or unlock their phones in public. Once they have this information, they steal the device and quickly transfer money via banking apps. One gang leader admitted that his team could steal up to £20,000 per day using this method.
How to Protect Yourself from Shouldering Social Engineering
Be Aware of Your Surroundings
Always stay alert when entering sensitive information in public. Cover your keypad with your hand at cash machines and shield your screen when using a phone, tablet or laptop.
Public places where shoulder surfing may occur include:
- Coffee shops and restaurants
- Trains and buses
- Airports and waiting areas
- Office lobbies or shared workspaces
- Queues for cash machines or self-checkouts
Use Privacy Screens
One of the most effective ways to prevent shoulder surfing is by using a privacy screen on your laptop, phone or tablet. These screens limit the viewing angle, making it difficult for onlookers to see your display from the side. Here’s a useful guide from NordVPN on how privacy screens work to help you choose the right one for your needs.
Avoid Public Displays of Sensitive Information
Try not to enter passwords, bank details or other private information in public spaces. If you must, take extra precautions to ensure nobody nearby can observe your actions.
Although using public Wi-Fi can also put your information at risk, this is a different type of threat. It involves digital interception rather than physical observation. Both are important risks to be aware of, but shoulder surfing relies specifically on someone watching you in person.
Follow Security Best Practices
Use strong, unique passwords and consider multi-factor authentication wherever possible. Even if someone gains access to your PIN or password, having a second layer of security can stop them in their tracks.
For more tips on protecting yourself from social engineering attacks, including shoulder surfing, visit the National Cyber Security Centre’s website. Their guidance includes practical steps you can take to safeguard your devices, accounts and personal data in everyday situations.
Protect Yourself with CEL Solicitors
If you have been a victim of shoulder surfing, it is important to know that it is not your fault. These attacks rely on subtle manipulation and happen to people from all walks of life. You are not alone, and you deserve support.
At CEL Solicitors, we help victims of scams and fraud claim back what is rightfully theirs. Whether it is shoulder surfing, phishing or another form of social engineering, we understand how stressful and unfair the experience can be.
We work on a no-win, no-fee basis, so there is no financial risk to you. To find out how we can help, visit our Fraud and Scam Claims page, call us on 0330 822 3758, or complete our quick online form for a free consultation.
You do not have to face this alone. With CEL Solicitors on your side, you can take the first step towards justice and financial recovery.