EXECUTIVE SUMMARY:

Social engineering threats account for a large number of all cyber attacks. Research indicates that these attacks are increasing. Over 90% of effective cyber threats start with a ubiquitous form of social engineering: phishing.

Social engineers aim to have unwitting users disclose private or sensitive information. These manipulative tactics enable social engineers to steal data that can be used to launch more sophisticated attacks or for financial gain.

Most people can identify a basic phishing attack. But would you or your colleagues recognize a tailgating attack?

Tailgating attack definition: What is a tailgating attack?

Tailgating is a simple social engineering attack enabling hackers to gain access to a password-protected or otherwise off-limits physical location. Tailgating involves closely following an authorized person into a restricted access area. As a regular employee opens a heavy door, for example, a tailgating social engineer may grab the door as it’s about to close, walking right into the targeted physical system.

  • Organizations with multiple entrance points may be uniquely vulnerable to these types of attacks. For example, someone posing as a delivery driver could attempt to enter a building through a parking lot area entrance.
  • Organizations with large numbers of employees that are prone to employee turnover are also vulnerable to tailgating social engineering attacks.
  • In office spaces where employees continually move from meeting to meeting, across a vast network of buildings and corridors, tailgating attempts may also evade scrutiny.

Direct tailgating attempts do not work in all environments. Established organizations commonly have entry-oriented security protocols in place, from biometrics-based systems, to badge systems, to other forms of identification. Nonetheless, it may be possible for a bad actor to start chatting with employees, and to leverage this type of familiarity to get into otherwise secured areas. Attackers will attempt to pressure or otherwise psychologically manipulate potential unwitting tailgating attack ‘accomplices’.

Tailgating attacks vs. Piggybacking

The tailgating attack definition can also include another type of social engineering, known as piggybacking. In these types of attacks, attackers also gain entry into a restricted area without authorization. In piggybacking situations, however, persons with access permissions are aware that they are providing unauthorized entry to someone else.

Tailgating in social engineering: Staying safe

When it comes to stopping tailgating attacks, organizations may want to ensure that the reception area is properly staffed and that identification systems are in use. Visitor badges and video surveillance can also help prevent and thwart tailgating.

Employees should generally remain vigilant and adhere to security best practices. For instance, employees can help to ensure that all persons in a given area have permission to be there. While it can be intimidating to ask someone for their credentials, employees can always inquire with the physical security team in the event that a suspicious person appears on the premises.

Hackers’ strategies are continually evolving and tailgating social engineering tactics can be tricky to spot. CISOs may want to ensure that employees receive regular training pertaining to the latest social engineering tactics. Employee education not only cuts down on tailgating social engineering threats, but also on a variety of attack types, from phishing, to ransomware, to Business Email Compromise (BEC) scams. Everyone should remain alert when it comes to the possibility of a creative tailgating attack.
