Which method is commonly used by malicious employees to gain access to user passwords?

Shoulder surfing is a method that involves directly observing someone as they input their password or other sensitive information, often at close range. It is a discreet way for an individual to capture this information without the need for sophisticated techniques or technical tools. Malicious employees may exploit this method in public places, such as in offices or at ATMs, to gain unauthorized access to user accounts by simply watching their colleagues or unsuspecting victims input their passwords.

In contrast, other methods mentioned in the options tend to involve different approaches: phishing relies on tricking individuals into revealing personal information through deceptive emails or websites, which is more indirect. Man-in-the-middle attacks involve intercepting communications between two parties, requiring more technical execution. Tailgating, on the other hand, refers to gaining physical access to restricted areas by following authorized personnel, which does not specifically focus on obtaining passwords. Each of those methods serves a different purpose and context, highlighting that shoulder surfing is specifically centered on the act of voyeurism to capture sensitive data directly.