Social Engineering: What is Tailgating?
What is tailgating?
An attacker seeking entry to a restricted area, where access is unattended or controlled by electronic access control, can simply walk in behind a person who has legitimate access; this is known as tailgating. If your organization has more than one door, or perhaps a secondary exit to the parking lot, be sure that no one except authorized personnel is allowed in through those doors.
A common type of tailgating attack:
A person impersonates a delivery driver and waits outside a building. When an employee gains security’s approval and opens the door, the attacker asks the employee to ‘hold the door’, thereby gaining access through someone who is authorized to enter the company.
Tailgating does not work in every corporate setting, for example in larger companies where all persons entering a building are required to swipe a card. However, in mid-size enterprises, attackers can strike up conversations with employees and use this show of familiarity to successfully get past the front desk.
The core focus of an attacker in this type of social engineering is to get physical access to the site by any means. To enter a restricted area protected by electronic access control (e.g. an RFID card), the attacker simply walks in behind a person who has legitimate access. Following common courtesy, the legitimate person will usually hold the door open for the attacker, or the attackers themselves may ask the employee to hold it open for them.
The key to standing against this type of social engineering attack is to KEEP YOUR EYES WIDE OPEN and STAY VIGILANT on the work premises!