Someone Has Physical Access to Your Laptop RIGHT NOW?
Do these 5 things. In order. Right now.
60-second read · 5 actions
1. Press Win+L (Windows) or Cmd+Control+Q (Mac) right now. Every second your screen is visible, someone can photograph your data, read your emails, or see saved passwords. Do this before reading step 2.
2. Unplug any USB drive, adapter, or dongle you don't recognize. USB Rubber Ducky attacks execute malicious commands in seconds. If you find an unknown device, do not plug it back in — bag it as evidence. Check every port, including hidden ones on docking stations.
3. If you have a physical privacy filter, verify it's seated. If not, tilt your screen down 15–20 degrees and move to face a wall. Shoulder surfing in offices, coffee shops, and airports captures more credentials than phishing — Verizon's 2024 DBIR confirmed physical access vectors in 14% of breaches.
4. Open Bluetooth settings and review paired devices. Remove anything you don't recognize. Attackers use Bluetooth keyloggers and proximity-based exploits to capture keystrokes wirelessly. If your laptop was unattended, assume Bluetooth was probed.
5. Open your browser, go to your Google or Microsoft account security page, and check "Recent security activity" and active sessions. Look for logins from unfamiliar locations or devices in the last hour. Sign out anything suspicious immediately and change that account's password from a different device.
You're stabilized. Here's why that worked.
Screen locking is the single most effective physical security action. The Verizon Data Breach Investigations Report consistently finds that physical access — someone simply walking up to an unlocked device — accounts for a significant percentage of corporate breaches. A locked screen with a strong PIN or password is a hard stop. No exploit bypasses it without advanced tools.
USB attacks are not theoretical. Devices like the USB Rubber Ducky ($50 online) emulate a keyboard and type malicious commands at superhuman speed — opening terminals, downloading payloads, and exfiltrating data in under 10 seconds. The 2022 Colonial Pipeline attack began with a compromised credential, but USB-delivered malware remains a top physical vector. Removing unknown devices eliminates this entirely.
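The "superhuman speed" described above is itself a detection signal. The following is an added example, not code from this article: it flags any keyboard whose key presses arrive in a long run of very short gaps. The event format, device names, and both thresholds are assumptions chosen for illustration.

```python
# Assumed tuning values, not taken from the article: a human typist rarely
# sustains gaps this short, while an emulated keyboard replaying a script does.
MAX_HUMAN_GAP_MS = 30.0   # assumption
MIN_BURST_KEYS = 8        # assumption: ignore short rolls and key repeats


def injection_suspects(events):
    """Return {device: longest_fast_run} for devices that type like a script.

    events: iterable of (timestamp_ms, device_id) key-press records, in the
    shape an input-monitoring hook might collect them (hypothetical format).
    """
    last_seen = {}   # device -> timestamp of its previous key press
    run = {}         # device -> current count of consecutive fast presses
    longest = {}     # device -> longest fast run seen so far
    for ts, dev in sorted(events):
        prev = last_seen.get(dev)
        if prev is not None and ts - prev <= MAX_HUMAN_GAP_MS:
            run[dev] = run.get(dev, 1) + 1
        else:
            run[dev] = 1  # a human-length pause resets the run
        longest[dev] = max(longest.get(dev, 0), run[dev])
        last_seen[dev] = ts
    return {d: n for d, n in longest.items() if n >= MIN_BURST_KEYS}


def sample_events():
    """Constructed sample: one human typist, one device typing every 4 ms."""
    human_gaps = [180, 140, 25, 20, 210, 95, 160, 130, 22, 240, 110, 150]
    events, t = [], 0.0
    for gap in human_gaps:
        t += gap
        events.append((t, "usb-1.2:builtin-keyboard"))
    t = 5000.0  # a second keyboard enumerates five seconds in
    for _ in range(40):
        t += 4
        events.append((t, "usb-3.1:unknown-keyboard"))
    return events


if __name__ == "__main__":
    for dev, n in injection_suspects(sample_events()).items():
        print(f"{dev}: {n} key presses in a row under {MAX_HUMAN_GAP_MS} ms apart")
```

Timing is a single signal; pair it with an allowlist of the keyboards you expect to see attached.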
Privacy screens work by limiting the viewing angle to roughly 60 degrees — anyone more than 30 degrees off-center sees a dark screen. A Carnegie Mellon study found that shoulder surfing succeeds in capturing sensitive data 73% of the time in public spaces without privacy filters. Even angling your screen away reduces the attack surface by roughly half.
Bluetooth exploitation has evolved beyond simple eavesdropping. Attacks like BlueBorne (CVE-2017-0781) can compromise a device without pairing. KeySniffer captures keystrokes from wireless keyboards. Reviewing and pruning paired devices removes dormant backdoors that an attacker may have established during an unattended window.
Login activity audits catch what the other four steps might miss. If someone accessed your email, cloud storage, or social media during an unattended period, active sessions will show it. Google's security dashboard and Microsoft's account activity page show IP addresses, device types, and timestamps. Signing out suspicious sessions and rotating credentials is the final lockdown.