TAILGATING: THE SOCIAL ENGINEERING BAITING
Hacking and security bypass are often premised on the idea that intruders mostly come in through the back door, or through a prohibited, perhaps undiscovered, entry. Don’t they know to use a front door? From one of my favorite movie scripts: “...a gentleman goes out the same way he came in - the front door”.
Truth is, most times hacking or breaching security does not require a wall of computer screens and floors of keyboards in a basement, the typical introverted programmer's lair as depicted in the movies. Seemingly complex problems can have the simplest solutions, like inspecting your entry point: the front door.
Why should I have to use the window when you left your front door open and unguarded? As much as your suspicions should be aroused, do not forget to think naturally too.
What is Tailgating?
Tailgating is a social engineering attack where an unauthorized person gains access to a restricted area, led in by a clueless authorized individual. Tailgating is also referred to as PIGGYBACKING. The most usual practice is where the trespasser rushes in after the authorized person before the door shuts on him, although this is not usually the only objective.
Tailgating is a physical activity that exploits human factors: skill and cleverness.
Piggybacking takes several forms, and it is necessary that knowledge of all possible forms is brought to you as a precautionary measure, because such knowledge is your power.
Common forms and practices of Tailgating
- The Thor Hammer Drama: this is a ruse deserving of a drama award. Is it not discourteous not to hold open the elevator or spring-hinged door for someone whose hands are occupied by a heavy object? This creates a dilemma: how careful should we be while applying moral judgement? You must surrender to being the gentleman momma raised.
- The Delivery guy: here, a social engineer pretends to have a parcel for an officer at the firm, expecting to bypass security by asking for a signature from that officer.
- The Sanguine character: the sanguine is the most sociable of the four temperaments. With their excellent communication skills, they can slip into the company of workers of the targeted firm who are having their lunch break and engage a few persons, usually those with higher authorization, in immersive topics, expecting to be called back to the office to finish the story. What? Do you eat your cake half baked?
- The Leg Stud: this is the classic. It is a popular act seen in many movies and TV shows, where the tailgater uses his foot to stop the door from shutting after authorized entry has been made. They are usually smart enough to know they should wear shoes, as some doors are not so gentle; call them bone breakers!
- The Sorensen appointment: everyone talks about and quotes the 35th U.S. President John F. Kennedy, who delivered motivating speeches, but no one talks about Theodore Chaikin Sorensen, the American lawyer, writer and presidential adviser who wrote his speeches and whom JFK called his “intellectual blood bank”. Everyone talks about the heroes, but who makes the capes?
  This method is applied by social engineers who pretend to have a meeting with the little-known Sorensen; who will object when he is little known? Besides, this method is most effective where Sorensen keeps religiously to his routines and it is known he will not be at the office during his coffee break. The idea is, if Sorensen is unavailable, he can’t tell whether there is an appointment.
It is now obvious that even the least security measure, such as watching the door shut behind you, should not be taken for granted.
Below are some ways to prevent a tailgating attack.
How to prevent Tailgating attacks
In addressing and preventing this, it is imperative that we think like the malefactor and run his mental game: a penetration test where tech solutions are needed. This exposes potential threats behind back doors, and even unlocked front doors, that you would have quickly dismissed as nothing.
To prevent tailgating attacks, the following points may come in handy for organizations:
- Ensure your workers are given access cards to authorized areas and educate them on why those cards should be with them.
- Sweep the premises of your work environment and ensure all systems slated for shutdown have been shut down after work; check the doors also.
- Put up “no stranger allowed” restriction signs and inform security of their duties, if any.
- All external orders should be received outside the premises.
- Check for your access or identification card every time you leave the office and before you return.
- Mount surveillance systems and implement other security measures.
- Finally, organize training on workplace security consciousness and ensure it is applied.
Remember, tailgating does not only cause physical damage; it also poses a threat to the non-physical aspects of your organization, like the company's financial data and development plans. Tailgating is simply baiting in social engineering, and it could work effectively alongside phishing as a cyber crime.