Fraudsters leverage social engineering to employ many types of scams and cyber attacks. Planned manipulation can trick a user or victim into divulging private or sensitive information, and such schemes are often the basis of more sophisticated attacks.
While most people are aware of digital scams, there is a sneaky (yet common) type of physical social engineering scheme: tailgating attacks.
What Is a Tailgating Attack?
Tailgating is a cyber attack hackers use to gain unauthorized access to online accounts or systems protected by a password.
Attackers use tailgating to access a restricted area by closely following authorized personnel upon entry. Also known as “piggy-backing,” the attacker bypasses standard security and authentication protocols by physically intruding upon the entry rights of a permitted person.
Examples of a tailgating attack
The most common example of an innocuous tailgating attack is the attacker requesting for someone to hold open a locked door. By manipulating the victim’s goodwill, the fraudster can enter without proper verification.
A more apt description involves an attacker who slips into a restricted area on the heels of a permitted user after they open a door.
Some fraudsters will even impersonate delivery men or repair men to bypass electronic security and identification procedures, helping gain access to a physical site.
Who Is Most at Risk of a Tailgating Attack?
Since tailgating attacks abuse common courtesy and make unwitting accomplices of unsuspecting individuals, large organizations that secure valuable and confidential property are most at risk.
Enterprises and firms with numerous employees are common attack targets. With a high rate of turnover and the presence of multiple secondary contractors (business personnel, maintenance, cleaners, etc), it is easy for a tailgate attack to occur unnoticed.
Other organizations that commonly feature high levels of foot traffic are also prone to tailgate attacks, such as universities or malls. In most cases, the location features numerous individuals whom the attacker can exploit, in addition to several restricted physical areas that store valuable property, such as server rooms.
How To Prevent Tailgating Attacks
A tailgate attack can have as devastating of an impact as other social engineering schemes like account takeover. If the fraudster accesses on-premise user accounts, steals equipment, or installs malware into IT infrastructure, the damage from such breaches can be extensive.
Take the following steps to defend against physical tailgating attacks:
- Introduce Entry Friction: Ensure that your reception area is fully staffed and operational. Authorized personnel who can challenge each individual that attempts to access private property can deter many scammers. Even a turnstile or entry log can help.
- Educate Employees: Teach employees the signs of a tailgating attack and how to mitigate the possible damage. That includes password protection rules, logging off when leaving computer terminals, and properly closing security doors when entering or exiting a restricted area. Don’t be fooled by confidence, as even the maintenance contractor could be a fraudster.
- Introduce Security Best Practices: If possible, install updated security protocols. Key tags, biometric scanners, and ID badges can all be potential preventative measures. Additional end-point security protocols that restrict user access based on company seniority can protect both physical and digital company property.