Skip to main content

Tax Season Attacks – Part 3, Shoulder Surfing

March 17, 2016

In our last post we covered phishing scams against taxpayers. Now we will take a look at attackers who shoulder-surf taxpayers who are preparing their filings in public, hoping to read sensitive financial information that can be used later.

Shoulder Surfing

The Attack

Shoulder surfing certainly is not the most technical form of identity theft, but it has been an effective means to commit fraud. Shoulder surfing is the practice of looking over someone’s shoulder to get information. A casual glance from behind, or a quick look at paperwork on a desk, can be enough for an attacker to obtain passwords, credit card data, PINs, and other personal and financial data. It is low-tech, but it works.


To prevent prying eyes from stealing personal financial information, people should only prepare tax documents in private places where they will not be shoulder-surfed, such as their home, or a private office. Attach a privacy screen to the computer monitor when preparing taxes, in order to prevent someone who enters the home or office from seeing data on the screen. When stepping away from a computer, someone filing taxes must either log out or lock their computer by pressing Win + L key combination on Windows OS and Control + Shift + Power/Eject on Mac.

Do not use public computers to file taxes. Public computers are more likely to be in places where people can shoulder-surf screens and papers. In addition, public computers may contain malware or keyloggers which may compromise tax data.

Physical security measures extend to paper documents, as well. Do not leave documents unattended unless they are stored securely. Store tax documents in solid folders and envelopes, and store them under lock and key.

Continue to part four: dumpster diving.

    Nicolle Neulist

By: Nicolle Neulist

Intelligence Analyst

See More

Related Blogs

March 23, 2016

Tax Season Attacks – Part 4, Dumpster Diving

Dumpster diving is the practice of combing through commercial or residential waste to find items that have been discarded by their owners. During tax ...

See Details

March 09, 2016

Tax Season Attacks – Part 2, Phishing

Tax season is officially upon us, and with it brings out a host of scams against taxpayers. In this blog series we explore three specific attacks: phi...

See Details

February 29, 2016

Tax Season Attacks – Part 1

It’s the same routine every year during tax season, employers send out important tax information such as W-2s to their employees, television and radio...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy


July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.