11 Eye-Opening Shoulder Surfing Statistics to Know

In today’s digital age, where people can easily access and share sensitive information, safeguarding personal privacy is of utmost importance. 

While cybersecurity measures like encryption and strong passwords play a crucial role, shoulder surfing still poses a threat.

It refers to the act of observing someone’s screen or input device to gain unauthorized access to it.

So, how does it work? Imagine you’re in a busy cafĂ©, checking your online banking and someone nearby sneaks a peek and sees your login info and account details. 

Once they have it, they could use that to steal your money or access sensitive financial information.

For example, in May 2023, a shoulder surf victim in the UK lost 70,000 pounds. It constituted his personal and business funds after he visited a busy pub.

Also, in France, a gang was arrested for stealing over 153,000 euros after peering over victims’ shoulders and watching them type in PIN codes at cashpoint machines.

In addition, even in public places, like on a bus, someone might glance at your phone and see private conversations or personal photos. This invasion of privacy can lead to embarrassment, blackmail, or misuse of your personal information.

So let’s explore some eye-opening shoulder surfing statistics that shed light on this privacy concern.

Contents

Stunning shoulder surfing statistics

Before delving deep, here are some quick shoulder surfing statistics:

  • Men are more concerned about being shoulder surfed than women.
  • Shoulder surfing takes place in less than 3 minutes
  • 27% of shoulder surfers feel bad after the activity
  • Over 89% of shoulder surfing involves a smartphone.
  • WhatsApp is the most popular instant messaging platform to be shoulder surfed.

General shoulder surfing statistics

1. Patterns are easier to be shoulder surfed rather than pins and passwords.

(Source: Science Direct)

According to a 2019 experiment, patterns (such as the ones used to unlock mobile devices) are generally easier to shoulder surf and comprehend quickly than PINs and passwords.

A significant number of participants in the study were able to uncover a 6-point pattern (used to unlock devices) within a single observation. 

Specifically, 64.2% of participants could do so, and this percentage increased to 79.9% when multiple observations were allowed.

Patterns may be more vulnerable to shoulder surfing attacks due to their visual nature.

2. 6-digit PINs appeared much harder to shoulder surf.

(Source: Science Direct)

Only a small percentage of participants – 10.8% – could correctly guess the 6-digit PIN within a single observation

When multiple observations were allowed, it increased to 26.5%.

These shoulder surfing stats suggest that 6-digit PINs offer a higher resistance level against shoulder surfing than patterns. 

However, while pins are difficult to shoulder surf because it is harder to memorize quickly, the risks are still high. 

3. Shoulder surfing occurs every day 

(Source: NYU) 

A study conducted by Memon and Nguyen in 2016 revealed that 73% of mobile phone users reported that they had known someone else’s PIN.

However, most shoulder surfing is not necessarily with malicious intent. People just happen to notice and memorize credentials.

Also, 97% of those surveyed claimed to be aware of a shoulder surfing incident in their everyday life, and the victims were not usually aware of it

4. In the UK, 72% of commuters are shoulder surfing

(Source: Orange Business)

According to Ponemon’s research, in the UK, a surprising 72% of commuters engage in shoulder surfing, peeking at the work of the person sitting beside them during their journey. 

Shockingly, one in every five people confesses to having witnessed highly confidential information while engaging in this practice.

Also, average shoulder surfing takes less than 15 minutes.

5. 34% of observers in a shoulder surfing incident are harmless. 

(Source: LMU Munich)

Based on an LMU Munich survey, most people who participate in shoulder surfing incidents were strangers who simply did it out of boredom or curiosity, each accounting for 34% of the cases. 

What’s interesting is that in many situations – 27% – the observers experienced negative emotions like guilt or unease. 

But it’s important to note that all the incidents were simple, one-time observations and did not involve advanced equipment like video cameras.

(Source: University of Glasgow)

In a study by the University of Glasgow, 87.5% of the respondents acknowledged doing shoulder surfing on one or more of the following applications: WhatsApp, Facebook, Gallery, and various games. 

Several participants shared specific details about the accessed content, including photographs from the gallery, game specifics, and WhatsApp messages.

Additionally, every participant admitted to engaging in shoulder surfing at least once. 

These findings suggest that the practice is not limited to a specific demographic, highlighting that anyone has the potential to be a shoulder surfer.

7. Shoulder Surfers gangs can earn up to 500,000 euros from their victims 

(Source: The Brussels Times) 

In Belgium, a surfer gang of about 25 women made half a million euros through shoulder surfing in over 100 incidents. 

However, it was reported that this gang had been successful due to the carelessness of their victims.

This shoulder surfing statistic serves as a reminder of the importance of personal security and vigilance in protecting sensitive information.

Shoulder surfing demographics statistics

Some of the most significant demographic shoulder surfing and where it is being done include the following:

8. Over 67% of Shoulder surfing happens on public transport.

(Source: LMU Munich)

According to a survey, 130 out of every 193 shoulder surfing cases happen on public transport.

In addition, 157 out of 175 cases (89.7%) of shoulder surfing involved a smartphone device, while tablets and laptops constitute just 8 and 7 cases, respectively.

Shoulder surfing an ebook reader occurs the least, with only 1.7% of the total survey.

The participants of this survey were from Germany, Egypt, and some parts of Europe.

9. 47% of Shoulder Surfing was on text content

(Source: LMU Munich)

According to the study, text-based content was the most commonly observed (47%) regarding shoulder surfing. 

This includes messages, emails, or other textual information individuals access on their devices. 

After that, pictures (24%) were the next most observed type of content, followed by games (13%).

Regarding the platforms affected by shoulder surfing, instant messaging platforms were the most impacted (42%). 

In conclusion, this suggests that shoulder surfers are targeting communication activities conducted through messaging apps. 

Social networking activities on platforms like Facebook were also mentioned, with 18% of incidents occurring in that context.

10. 36.7% of shoulder surfing cases affect a third party.

(Source: LMU Munich)

Most personal information exposed through shoulder surfing primarily involved a user’s relationships (34%), with 49 out of 143 cases relating to this category.

Also, the revealed information did not pertain to the users in over a third of these instances (18 out of 49). 

The leaked data belongs to third parties they communicated with, such as names, interests, or even glimpses into someone’s apartment during a video chat.

11. Men are more concerned about being shoulder surfed than women

(Source: Pressat)

The findings by 3M reveal that 46% of individuals have expressed worries about the possibility of others seeing or reading their confidential or private information while accessing or working on it. 

Interestingly52% of men expressed worry compared to 41% of women.

Tips on how to prevent shoulder surfing

Here are some tips to help you prevent shoulder surfing:

  • Be aware of your surroundings: Stay alert and watch out for people around you, especially in crowded or public places.
  • Maintain distance: Position yourself in a way that creates more distance between you and others.
  • Use privacy screens or filters: Consider using accessories that limit the viewing angle of your screen.
  • Adjust screen brightness: Set your brightness to a level that makes it difficult for others to see it from different angles.
  • Shield your actions: Use your body or hands to block the view of your screen or keypad while entering sensitive information.
  • Utilize secure locations: Choose locations where your back is against a wall or corner to minimize the angles from which someone can observe you.
  • Be cautious of reflective surfaces: Be aware of mirrors or shiny objects that can inadvertently reveal your screen, and adjust your position accordingly.
  • Use virtual keyboards: When possible, use them with randomized layouts to make it harder for shoulder surfers to figure out your inputs.
  • Change passwords regularly: Regularly change your passwords to ensure that even if someone shoulder surfs, the obtained information becomes outdated quickly.

Also, keep in mind it’s essential to maintain good practices against cyber security attacks beyond shoulder surfing prevention. 

This includes using strong and unique passwords, enabling two-factor authentication, and keeping your devices and software updated with the latest security patches.

Wrap up

Many shoulder surfers are out there, always waiting for the careless individual. 

So if you suspect you have been a victim of shoulder surfers, immediately check your credit card reports for the possibility of any unusual activity or change your password for all your accounts or report to your financial services if necessary. 

But understanding the basics and the statistics of shoulder surfing will give you a hedge in protecting yourself from those with malicious intent.

FAQ

Where is shoulder surfing most likely to happen?

Shoulder surfing is most likely to occur in crowded public places, such as cafes, airports, and public transportation.  These locations allow individuals to observe screens or keypads in proximity.  Vigilance is essential to safeguard sensitive information when using devices in such environments.

Why is shoulder surfing a threat?

Shoulder surfing is a sneaky threat that puts your personal information in the hands of the wrong people. 

Imagine a stranger peeking over your shoulder, snatching your passwords or credit card details without you even noticing! 

It’s like giving them a VIP pass to your private life, making it crucial to stay vigilant and protect yourself from this crafty danger.

What are the effects of shoulder surfing?

Shoulder surfing has significant effects, including invasion of privacy, potential financial loss, and compromised security. 

It exposes personal information, such as passwords and confidential data, leading to identity theft and unauthorized account access. 

Additionally, it weakens overall security, making individuals vulnerable to further attacks and potential breaches.

Is shoulder surfing social engineering?

No, shoulder surfing is not typically considered a form of social engineering. 

Social engineering involves manipulating individuals to gain unauthorized access or obtain sensitive information through psychological techniques. 

It involves deception, persuasion, or exploiting human behavior and trust. 

While shoulder surfing involves observing someone’s actions or information without their knowledge, it does not necessarily involve direct interaction or manipulation of the individual, which is characteristic of social engineering. 

However, shoulder surfing can provide information that could be used in social engineering attacks.

Is shoulder surfing illegal?

Shoulder surfing is not typically illegal, as it refers to observing someone’s activities or information without their knowledge or consent. 

However, the actions resulting from shoulder surfing, such as unauthorized access to personal data or identity theft, can be illegal and subject to legal consequences. 

It is important to respect others’ privacy and adhere to the laws and regulations regarding data protection and personal privacy.

Sources

  1. Science Direct 
  2. NYU 
  3. Orange Business 
  4. LMU Munich 
  5. University of Glasgow 
  6. The Brussels Times 
  7. Pressat