Social Engineering: What is Tailgating?

What is tailgating?

An attacker seeking entry to a restricted area, where access is unattended or controlled by electronic access control, can simply walk in behind a person who has legitimate access. If your organization has more than one door or perhaps a secondary exit to the parking lot, be sure that no one is allowed in through those doors — this is known as “tailgating.”

In a common type of tailgating attack, a person impersonates a delivery driver and waits outside a building. When an employee gains security’s approval and opens their door, the attacker asks that the employee hold the door, thereby gaining access through someone who is authorized to enter the company.

Tailgating does not work in all corporate settings, such as in larger companies where all persons entering a building are required to swipe a card. However, in mid-size enterprises, attackers can strike up conversations with employees and use this show of familiarity to successfully get past the front desk.

The core focus of an attacker in this type of social engineering is to get physical access to the site — by any means (entry to a restricted area, electronic access control, e.g. by RFID card, simply walks in behind a person who has legitimate access, following common courtesy — the legitimate person will usually hold the door open for the attacker or the attackers themselves may ask the employee to hold it open for them).

The key to stand against this type of social engineering attack is to

KEEP YOUR EYES WIDE OPEN and STAY VIGILANT in the work-premises.

Check blog.mailfence.com for having the most recent version of this blogpost.

Follow us on twitter/reddit and keep yourself posted at all times.

- Mailfence Team