What Are Tailgating Attacks?

  • By Greg Brown
  • Jan 09, 2023

tailgating attack

Throughout history, manipulation of human behavior has been used by some of the vilest people imaginable. It has also been used in some everyday applications. For example, the art of psychological manipulation in the military creates a stable, lifelong identity for those who buy into the overall plan. 

Fast forward to today’s aggressive social engineering predators; their attacks are causing havoc in business and personal life around the globe. Common assaults are phishing, pretexting, scareware, and the list goes on and on.

Tailgating or piggybacking is an older simple form of social engineering; highly effective in gaining access to restricted areas. 

Tailgating

Newer forms of social engineering attacks combine the virtual and physical. Tailgating happens when an unauthorized person gains physical access to off-limit areas controlled by a password or some other form of protection.

Once entry has been gained, the unauthorized person can cause considerable property damage. This may include stealing sensitive company data, compromising personnel credentials, or installing malware. 

Piggybacking is another form of tailgating. However, piggybacking involves the explicit consent of an unwitting employee. Smooth-talking hackers convince an employee to give them access so they can deliver their packages. 

Tailgating is social manipulation, much like phishing, spear phishing, or whaling attack. Even though the main emphasis of the attack is not from a computer, it uses an unaware employee as an accomplice to the crime.

 The person being followed is unaware of the attacker’s intent, with unauthorized access being forced or accidental. Criminals simply follow an employee, impersonating a delivery driver or waiting for someone to open the door, thereby circumventing access control.

How Does the Attack Begin?

Employees today often receive sufficient training to recognize several computer-related assaults, such as phishing attacks. Social engineering predators have developed manipulative tactics to steal data and other financial information from unwitting company employees. 

However, does the modern employee recognize tailgating? Probably not.

Tailgating starts in many ways, usually with the predator hanging out near an entry door of their intended target. The predator waits for an authorized person to show up, so they can follow them through without being questioned. 

Examples of a Tailgating Attack

Following the authorized person through the door without their knowledge is by far the most common form of tailgating. The second scenario; talking with the person and convincing them they need help to enter the premises because they have legitimate business with the company. 

  • Perpetrators may pose as a company's new employee who forgot their ID badge. To reinforce their intentions, the predator may dress like other employees and hang out in employee-designated break areas. This form of social engineering is easily identified as manipulating another person. 
  • Attackers may pose as delivery drivers and demand access to the building because they are on a tight schedule. It is common for the attacker to carry boxes or maybe food.
  • Attackers may ask an unwitting employee to borrow their phone or laptop because the attacker’s battery has died. Once a device has been handed over, the predator may install malware or steal credentials.
  • Social engineering predators may fake an injury. Before an employee hits the door, they do their best to look frustrated trying to gain entry. As a courtesy, an unwitting employee helps the attacker gain access. 

Who is Vulnerable to Tailgating?

Once the criminal has gained access, a device is used to steal confidential information, access the network, or infect an unlocked computer with malware. Tailgating using an unknowing employee can be exploited to launch attacks that may cost the company millions in damages.

Large organizations with thousands of employees and multiple entry points are highly susceptible to tailgating attacks. Organizations with high employee turnover or relying on subcontractors for specific tasks are at high risk. 

Universities and open campuses with a lot of foot traffic may have a significant risk. Students rush from class to class without thinking twice about opening or holding the door, even if they do not know who is following them. 

Offices with employees hopping from meeting to meeting are especially vulnerable to attack.

The above situations are ripe for tailgating criminals. Predators who enter a business unlawfully can cause massive damage with other types of data breaches, including ransomware and other malware-enabled attacks. 

How Organizations Can Protect Themselves

tailgating is an example of what type of attack

Most companies today have overlooked physical threats and preoccupied themselves with preventing cyber-attacks. This preoccupation has contributed to the success of tailgating. The consequences of a tailgating attack can be as devastating as any other kind of assault, virtual or physical. 

Organizations must take a proactive approach against tailgating and all other forms of attack. Success requires fundamental measures to be implemented online and in the physical space:

  • If the organization has a lot of foot traffic in and out of its building, physical barriers such as turnstiles are an excellent option. Turnstiles allow only one authorized person through at a time. Building with multiple entries may need to find a different option or lock all other doors. 
  • Video surveillance and identification are excellent options for recognizing tailgating. Video systems not only serve as a deterrent to crime but help law enforcement.
  • Biometrics is an advanced way for companies to provide authentication. They scan the unique features of a person and compare the results to a database for approval. 

Examples of biometric security:

  • Voice recognition
  • Iris recognition
  • Fingerprint scanning
  • Facial recognition
  • Heart-rate scanning

Employees of the organization must understand social engineering and its potential impact on the company. Most cyber-security experts agree; employees must be trained thoroughly and understand social manipulation.

Each person in the organization should be able to spot and deal with cyber threats and tailgating attacks. Employees should cultivate an awareness of their surroundings and who seems out of place. Company executives should have clear cyber-security goals in place before an attack occurs. 

Strict cyber-security policies might include no one being allowed into a secure area without proper identification. Zero-trust policies should be considered by every company, even in a physical space. Zero-trust goes a long way in defeating tailgating.

About the Author
IDStrong Logo

Related Articles

How To Make Your IG Account Private

There are occasions when it makes more sense to have a private ig account. You might want to block ... Read More

Windows 10 Privacy Settings You Should Change Now

Privacy is a buzzword we hear a lot these days in the wake of data breaches, Wikileaks, and other ... Read More

How to Delete Your Facebook Account

It might seem absurd to some people who live on Facebook, deleting your Facebook account. But, man ... Read More

How to Change Network From Pubic to Private On Windows

Privacy has become a major concern for many of us after reading about all the data breaches, hacki ... Read More

Twitter Security and Privacy Settings Made Simple

With data breaches and ransomware intrusions in the news daily, privacy is the word on everyone’ ... Read More

Latest Articles

Pennsylvania Maternal & Family Health Services Announces Ransomware Attack

Pennsylvania Maternal & Family Health Services Announces Ransomware Attack

Anyone paying even little attention to cybersecurity knows that medical practices and services are some of the most targeted institutions in the world.

Weekly Cybersecurity Recap January 27

Weekly Cybersecurity Recap January 27

This week, our lineup is pretty hard-hitting. Some of the biggest names in, well, everything, have been hacked, with a combined victim total of well into the millions.

MailChimp Announces Data Breach Affecting Tiny Number of Customers – With Big Ripples

MailChimp Announces Data Breach Affecting Tiny Number of Customers – With Big Ripples

MailChimp has been hacked repeatedly over the years; there is very little surprise in the breach, though one thing should be considered.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address
Close