Episode 9: Social Engineering: Tailgating

What is Tailgating? 

Tailgating, sometimes called piggybacking, is when an unauthorized individual follows an authorized individual into a restricted area. In the business world, this happens at a door that requires a badge to open. In the private world, it can involve a gated community or an apartment building where you have to be buzzed in before you can proceed to an apartment.

Tailgating is a social engineering tactic that may not seem to involve the digital world because it is a physical-world problem. But physical access to a restricted area can give the unauthorized person access to computers and other digital information, or allow them to install spyware or malware. Many companies have entire buildings full of sensitive information that can be accessed through one or two doors. Once you are in, the rest of the area is unsecured. This is similar to hospital areas where you follow a nurse or doctor in, and every room behind the locked door is open.

Digital Tailgating

There are a few examples of digital tailgating. This can occur when there is a computer in a shared area that is open for multiple people to use. If someone logs in to an email account or social media account on a shared computer but doesn’t log off after finishing, another person can come along behind them and tailgate into that account.

Many of us have seen posts on social media that seemed out of character. Then, in the comments, we find that a child, spouse, or colleague made the uncharacteristic post. This may seem like a joke, but it is a serious threat to account security. In the case of email, all accounts associated with that email address are vulnerable. Passwords on bank accounts and such can be changed when someone has access to an email account, because account verification is often sent to the email address on file.

If you choose to allow others to use your computer, create a guest account that can’t install programs or games. This will reduce the risk of viruses and malware on your computer. The guest account will also not have the ability to access your accounts or files.

If you live in an apartment building that has a secure entrance, and someone follows you or your neighbor in, everyone in the building is vulnerable to potential danger. 

We live in a world where we are taught to be courteous. Gentlemen hold the door for women. We hold the door open for someone with their hands full. These are good behaviors in many situations. We need to respect others and be kind.

We also need to be aware of who is following behind us in secure environments. If we don’t allow someone into the secure area, the person behind us can be irritated and angry. This may cause a few minutes of problems and frustration. This frustration is balanced by the physical and digital security of people and data inside the secure areas. Just allowing unknown individuals in can put the business or everyone inside the area in jeopardy.

Remember, when you have access to an area that is secured, there is a reason for the security – even if you do not know that reason. Be aware of who is around you. If you use a shared computer, log off of every account you log in to.

How do businesses prevent tailgating?

  • Badges and smart cards for entrance
  • Security guards
  • Biometrics (fingerprints and retina scans)
  • Locked doors and gates

How do individuals prevent tailgating?

  • Be aware when you enter a secured facility – don’t let strangers follow you in.
  • Digitally, log off your accounts or lock your devices when you walk away
  • Don’t hold the door for anyone, even someone in uniform
  • Challenge people if they are unfamiliar and in an area where they shouldn’t be
  • Do not allow former employees unchecked access to the business – even if they are your friends
  • Report any suspicious activity to security

In some ways, tailgating requires us to go against what we have always been taught. It is one of the hardest social engineering tactics to stop.

Remember that security measures are only effective if the people they are designed to protect apply the measures.

Be safe out there in our digital world!
