Abstract: 

Shoulder surfing is a social engineering technique that involves looking over the victim's shoulder to obtain confidential information such as personal identification numbers, passwords, or other data. Because shoulder surfing is often opportunistic and challenging to observe in a real-world setting, little is known about the attack patterns and behavior. In this Lunchtime Seminar, I will present our recent investigations of shoulder surfing leveraging the capabilities of virtual reality. We conducted a lab study and observed users' behavior in different waiting scenarios. Based on the findings, I will present factors influencing shoulder surfing, common attack patterns, and outline a behavioral shoulder surfing model. Finally, I will provide an outlook on our current efforts to replicate our results in the real world.