Pro­tec­tion and defense against cy­ber­at­tacks have become the focal point of IT security, over­shad­ow­ing other threats, such as tail­gat­ing. However, it’s important to remember that physical security can also be com­pro­mised. Tail­gat­ing, in par­tic­u­lar, poses a sig­nif­i­cant danger. Unlike scamming, tail­gat­ing attacks take place offline and don’t rely on advanced tech­nolo­gies. They can, however, be just as harmful.

What is tail­gat­ing?

Similar to phishing, vishing and smishing, tail­gat­ing is also a form of social en­gi­neer­ing. In this type of attack, a person who is not au­tho­rized to go through a secured entrance or check­point closely follows an in­di­vid­ual who is au­tho­rized to do so in order to gain access to a re­strict­ed area. The term “tail­gat­ing” in its original meaning refers to a vehicle that closely follows behind another vehicle.

In the context of social en­gi­neer­ing, tail­gat­ing refers to someone who follows closely behind another person that is au­tho­rized to go to a re­strict­ed area that they want to gain access to. By staying close to the person and entering the area directly after them, they are able to bypass security without being noticed. These types of attacks can occur in office buildings, data centers, hospitals and other security-critical en­vi­ron­ments. The objective behind such an attack is to steal con­fi­den­tial in­for­ma­tion or install malicious software.

How are tail­gat­ing attacks carried out?

Tail­gat­ing attacks are usually simple and rely on pre­dictable human behaviors, such as someone holding a door open out of po­lite­ness. Often, attackers engage in a brief con­ver­sa­tion with the person that they want to follow in order to establish a semblance of trust. Tail­gat­ing is, in essence, a form of deception that takes advantage of a person’s trusting nature. Below are the basic steps that are typically involved in such an attack:

  1. Identify the target: The attacker selects a building or area they want to enter.
  2. Blend in: The person behaves in a way that makes it seem like they belong there.
  3. Seize the op­por­tu­ni­ty: The person waits until an au­tho­rized person opens the door.
  4. Gain access: Once inside the secured area, the attacker can carry out various harmful actions.

It’s important to keep in mind that tail­gat­ing tech­niques are as diverse as they are bold and can vary sig­nif­i­cant­ly depending on the target. The most common tactics are:

  • The forgetful employee: The attacker pretends to have forgotten their access badge and asks an employee to let them into the building.
  • The emergency: The person pretends to have an emergency to gain access to the victim’s mobile device. Once they have the phone, they redirect it to malicious websites where malware, such as spyware, is down­loaded.
  • The delivery person: The person poses as a delivery driver. Carrying heavy or bulky items, they wait for someone to hold the door open for them.
  • The intern: The intruder pretends to be new to the company and acts as if they are looking for a specific office.
  • The pre­oc­cu­pied person: The person fakes a phone call or another type of dis­trac­tion to give the im­pres­sion that they are busy and belong to the or­ga­ni­za­tion or facility.
  • The visitor: The person claims to have an ap­point­ment with a real employee and is let into the building based on a sense of trust.
  • The false identity: Using a forged or stolen ID, the intruder attempts to deceive security personnel or elec­tron­ic security systems.
  • The dis­trac­tion: An ac­com­plice distracts security personnel or employees while the per­pe­tra­tor sneaks into the building.

An example of how tail­gat­ing works

By looking at an example, it becomes easy to un­der­stand how effective and dangerous tail­gat­ing can be, es­pe­cial­ly when people ignore security protocols or don’t question peoples’ motives. The example below will show how important it is to exercise caution in specific areas of a building at all times. Doing so will help to prevent these attacks from happening.

The head­quar­ters of a large bank is equipped with the latest security tech­nol­o­gy and has a security guard at its main entrance. A tail­gat­ing attacker has iden­ti­fied the building as a target and wants to gain access to the bank’s internal systems to steal con­fi­den­tial in­for­ma­tion. The attacker has already dis­cov­ered that external IT tech­ni­cians go to the head­quar­ters to perform main­te­nance tasks every Thursday. The attacker gets a uniform that resembles that of the IT tech­ni­cians and creates fake documents and IDs.

The next day, the attacker ap­proach­es the bank head­quar­ters. To appear authentic, they are carrying a toolbox. At the entrance, they encounter the group of real IT tech­ni­cians. Seizing the op­por­tu­ni­ty, the person joins them, pre­tend­ing to be a part of their team. Visually fitting in with the group of IT tech­ni­cians, they are able to enter the bank without anyone noticing or stopping them as they follow after the others. Inside the building, they ask an employee for di­rec­tions to a specific server room, claiming to be new to the team. The employee shows them the way. In the server room, the person connects their laptop and begins ex­tract­ing con­fi­den­tial data. Once they have gathered enough in­for­ma­tion, they leave the building unnoticed. Through simple tail­gat­ing, the attacker was able to dis­creet­ly gain physical access to a high-security area and steal valuable data.

How to protect your company against tail­gat­ing

When it comes to ef­fec­tive­ly pre­vent­ing tail­gat­ing attacks, relying on technical solutions is not enough. Tail­gat­ing is con­sid­ered a Layer 8 problem, meaning that human error poses the greatest risk with this kind of security threat. That’s why it’s crucial to also set up measures to increase employee awareness. Below are some things you can do to protect your company:

  • Training: Employees should be informed about the risks of tail­gat­ing and trained on how to recognize attacks early.
  • Cameras: Sur­veil­lance cameras can deter criminals and also provide a way to in­ves­ti­gate tail­gat­ing attacks after they have occurred.
  • Two-factor au­then­ti­ca­tion: A system that requires both an ID card and a PIN or a biometric feature (for example, a fin­ger­print) can reduce the risk of tail­gat­ing.
  • Physical barriers: Turn­stiles, airlocks or revolving gates that allow only one person to enter at a time make it more difficult for criminals to gain access to somewhere unnoticed.
  • Visitor man­age­ment: Guests and external service providers should be reg­is­tered upon entering the building and required to wear a visitor’s badge that is visible at all times.
  • Regular security in­spec­tions: Con­duct­ing regular checks and tests of security measures help to identify vul­ner­a­bil­i­ties that may be present.

For effective pro­tec­tion against tail­gat­ing, it’s essential to secure IT systems as well. This includes regularly updating software, carrying out backups following the 3-2-1 backup rule and using secure passwords.

My­De­fend­er
Easy cyber security
  • Regular virus and malware scans
  • Automatic backups and simple file recovery
Go to Main Menu