Social Engineering: What is Tailgating?
What is tailgating?
Tailgating is when an attacker seeks entry to a restricted area where access is unattended or controlled by electronic access control. If your organization has more than one door, or perhaps a secondary exit to the parking lot, be sure that no one except authorized personnel is allowed in through those doors; an unauthorized person getting in this way is known as tailgating.
A common type of tailgating attack:
A person impersonates a delivery driver and waits outside a building. When an employee gains security’s approval and opens the door, the attacker asks the employee to ‘hold the door’, thereby gaining access to the company through an authorized person.
However, tailgating does not work in all corporate settings. For instance, in large companies, everyone entering a building needs to swipe a card. In mid-size enterprises, however, attackers can strike up conversations with employees and use this show of familiarity to get past.
The core focus of an attacker in this type of social engineering is to get physical access to the site by any means. Where entry to a restricted area is controlled by electronic access control, e.g. by RFID card, the attacker simply walks in behind a person who has legitimate access. Following common courtesy, the legitimate person will usually hold the door for the attacker.
How to prevent tailgating
Tailgating can be especially dangerous to mid-sized and larger organizations, as there is too much at stake. Some examples are the theft of company secrets, money, and equipment. Another severe example is installing a backdoor on a server to eavesdrop on every conversation on the company’s network.
If you are working for a mid-sized company, then you should start challenging everyone who wants to get access to the premises. It may seem rude and awkward; however, it is in your company’s best interest. Ask management to install biometric scanners and turnstiles to prevent a tailgater from just walking into the building like it is a walk in the park.
Biometric scanners and turnstiles prevent the tailgater from walking with you inside the building, as they only allow one person through at a time. Additionally, you should challenge that individual and ask questions that only employees would know.
None of these tips will matter if you don’t stay vigilant and suspicious of everyone you don’t know. Holding the door for a person who is “running late” seems harmless, but that decision carries a lot of weight. As an employee, you are responsible for making sure that nobody except authorized personnel enters the building(s).
The key to standing up against this type of social engineering attack is to
KEEP YOUR EYES WIDE OPEN and STAY VIGILANT on the work premises!
– Mailfence Team