Tailgating Tactics and Examples

How do you recognize a tailgating attack? Perhaps, someone attempts to convince you to give them access, whether physical or electronic, to a resource that you are authenticated to access, but they may not be. If an employee that you don’t recognize claims to have forgotten their badge to access the facility or the restricted area, be suspicious of the tailgating attack. There are several tailgating tactics an attacker may use. Perhaps, their hands are full, and they need you to hold the door for them. A polite person normally complies with this request. Most social engineering techniques appeal to your sense of social etiquette, we’re trained to hold the door for others as a common courtesy.

Another common tactic is for the attacker to claim they forgot their badge or whatever token is required to access a restricted area. This tactic is effective in a larger organization where the employees don’t all know each other. In my last company, this technique would not have worked because there were only 10 people who worked in my suite. So obviously, we knew who belonged there and who didn’t. My new employer has thousands of employees, so this would be an attack that they would need to be alert to. Another tailgating attack involves asking for electronic access to a restricted resource. “Can I use your machine for just a minute?

It’s such a pain to log into my account to check this little thing.” So what should you do? To prevent tailgating, social engineering attacks never underestimate the importance of the physical security of your facility. Never allow someone without proper authentication into a restricted area, whether the facility as a whole or a secure area such as a data centre within the facility. Never allow someone without proper authentication to use your electronic resource even for just a minute. If you suspect a tailgating attack, contact your facility security team. If the person is a legitimate user, security will be able to assist them. And if they’re not, they can take appropriate action.

Depending on the criticality of your physical resource, consider implementing the use of mantrap doors as shown in the image on the slide. Mantrap doors only allow one person inside a facility at a time and authentication takes place when the person is between the two sets of doors. In conclusion, you’ve learned what tailgating is, what objectives attackers are aiming for in tailgating, and who is at risk for tailgating attacks. We discussed some red flags and warning signs of a tailgating attack and went over some examples, as well as what you can do to protect yourself and your organization from a tailgating attack.

In the next video, we will discuss beating another type of social engineering attack that typically takes advantage of greed. I look forward to seeing you there.