Social Engineering: What is Tailgating?
What is tailgating?
Tailgating is a physical Social Engineering attack where someone seeks entry to a restricted area where they are not allowed to be.
In everyday usage, tailgating is when a car follows another car very closely, making it unsafe and uncomfortable for the driver in front.
Basically, a tailgating attack is when someone sneaks into a restricted area by using someone else. Just like with cars, it can be done by following someone very closely (“Hey! Hold the door please!”). Or attackers can fool people by pretending to be someone else, just like in phishing or pretexting.
Tailgating is different from those social engineering attacks, though: it is a physical intrusion, aimed at getting hold of sensitive data, money, and so on. In that respect, it’s closer to baiting.
Some tailgating attack examples
A person impersonates a delivery driver and waits outside a building. When an employee gains security’s approval and opens the door, the attacker asks the employee to ‘hold the door’, and thereby gains access to the company through an authorized person.
Impostors can take many forms: repair technicians, people pretending to carry heavy boxes, anything that makes you feel guilty for not holding the door or not granting access.
However, tailgating does not work in all corporate settings. For instance, in large companies, everyone entering a building needs to swipe a card. In mid-size enterprises, on the other hand, attackers can strike up conversations with employees and use this show of familiarity to get through.
The core focus of an attacker in this type of social engineering is to get physical access to the site. To enter a restricted area protected by electronic access control, e.g. an RFID card reader, the attacker simply walks in behind a person who has legitimate access. Out of common courtesy, the legitimate person will usually hold the door for the attacker.
The most famous tailgating attack example is probably the well-known story of Frank Abagnale, which you have probably discovered through the movie “Catch Me If You Can”. Abagnale scammed many people and entered many restricted areas where he was not allowed. Acting with confidence got him into many places and let him fool many people.
How to prevent tailgating?
A tailgating attack can be especially dangerous to mid-sized and larger organizations, as there is a lot at stake. Some examples are stealing company secrets, money, and equipment. A more severe example is installing a backdoor on a server to eavesdrop on every conversation on the company’s network.
If you are working for a mid-sized company, you should start challenging everyone who wants to get access to the premises. It may seem rude and awkward, but it is in your company’s best interest. Ask management to install biometric scanners and turnstiles to prevent a tailgater from simply walking into the building.
Biometric scanners and turnstiles prevent the tailgater from walking in beside you, as they only let one person through at a time. Additionally, you should challenge that individual and ask questions that only an employee would know the answer to.
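Card readers and turnstiles also leave a trail that the security team can check. As an added example (not part of the original Mailfence post), the script below runs two anti-passback checks over a constructed badge-reader log: a badge that enters the building twice without ever leaving, and a badge that shows up at an inner door without having badged in at the perimeter, which usually means its holder walked in behind someone else. The log format, reader names and badge ids are all assumptions made for the example.

```python
"""Anti-passback checks over badge-reader events (constructed sample data)."""

# Assumption: these readers gate entry to the building; all others are interior.
PERIMETER_READERS = {"lobby-turnstile"}

# Constructed sample log, one event per line: time,badge,reader,direction.
SAMPLE_LOG = """\
08:01:10,B1001,lobby-turnstile,IN
08:02:45,B1002,lobby-turnstile,IN
08:03:02,B1001,lobby-turnstile,IN
09:30:00,B1001,lobby-turnstile,OUT
12:10:00,B1002,lobby-turnstile,OUT
12:40:30,B1003,server-room,IN
13:15:00,B1002,lobby-turnstile,IN
13:20:00,B1002,server-room,IN
"""


def parse_events(text):
    """Parse comma-separated lines into (time, badge, reader, direction) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, badge, reader, direction = (f.strip() for f in line.split(","))
        events.append((ts, badge, reader, direction.upper()))
    return events


def find_anomalies(events):
    """Return (time, badge, kind) for two patterns turnstiles are meant to stop:
    'repeat-entry' when a badge enters the perimeter while already recorded inside
    (passed back or cloned), and 'interior-without-perimeter-entry' when a badge
    is read at an inner door without ever badging in, i.e. its holder most
    likely walked in behind someone else."""
    inside = set()
    findings = []
    for ts, badge, reader, direction in events:
        if reader in PERIMETER_READERS:
            if direction == "IN":
                if badge in inside:
                    findings.append((ts, badge, "repeat-entry"))
                inside.add(badge)
            else:
                inside.discard(badge)
        elif badge not in inside:
            findings.append((ts, badge, "interior-without-perimeter-entry"))
    return findings
```

Running `find_anomalies(parse_events(SAMPLE_LOG))` flags badge B1001 for re-entering at 08:03:02 and badge B1003 for appearing at the server room without a perimeter entry.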
Knowledge is power
Tailgaters often take advantage of unaware employees. It is absolutely vital that you train your employees and arm them with knowledge. You can provide them with a free security & privacy awareness course to make sure they never fall for a tailgating attack again. Every time your company gets a new intern, make sure you provide them with basic cybersecurity training, as 99% of interns are completely unaware that such attacks exist.
None of these tips will matter if you don’t stay vigilant and suspicious of everyone you don’t know. Holding the door for a person who is “running late” seems harmless, but that decision carries a lot of weight. As an employee, you are responsible for making sure that nobody except authorized personnel enters the building(s).
The key to standing up to this type of social engineering attack is to
KEEP YOUR EYES WIDE OPEN and STAY VIGILANT on the work premises!
– Mailfence Team