TAILGATING: THE SOCIAL ENGINEERING BAITING
Hacking and security bypass are often premised on the idea that intruders mostly come in through the back door or some prohibited, maybe undiscovered, entry. Don’t they know to use the front door? From one of my favourite movie scripts: “...a gentleman goes out the same way he came in - the front door”.
The truth is, most times, hacking or security breaching does not require a wall of computer screens and a floor of keyboards in a basement, as the movies depict a typical introverted programmer's lair. Seemingly complex problems often have the simplest solutions, like inspecting your entry point: the front door.
Why should I use the window when you left your front door open and unguarded? Since your suspicions should be aroused, do not forget to think naturally.
What is Tailgating?
Tailgating is a social engineering attack in which an unauthorized person gains access to a restricted area by following an unsuspecting authorized individual. Tailgating is also referred to as piggybacking. The most common practice is for the trespasser to rush in right behind the authorized person before the door shuts on him, although this is not usually the only objective.
Tailgating is a physical activity that exploits human factors: skill and cleverness.
There are several forms of piggybacking, and all the possible forms are presented here as a precautionary measure, because such knowledge is your power.
Common forms and Practices of Tailgating
- The Thor Hammer Drama: this is a ruse deserving of a drama award. Is it not discourteous to refuse to hold open the elevator or spring-hinged door for someone whose hands are occupied by a heavy object? This creates a dilemma over how to stay careful while applying moral judgement. You must surrender to being the gentleman momma raised.
- The Delivery guy: here, a social engineer pretends to have a parcel for an officer at the firm, expecting to bypass security by asking for a signature from that officer.
- The Sanguine character: the sanguine is the most sociable of the four temperaments. With excellent communication skills, such a person can slip into the company of workers of the targeted firm while they are having their lunch break and engage a few of them, usually those with higher authorization, in immersive topics, expecting to be called back to the office so they can hear the end of that story. What? Do you eat your cake half-baked?
- The Leg Stud: this is the classic, a popular act in many movies and TV shows where the tailgater uses his foot to stop the door from closing after an authorized entry. Tailgaters are usually smart enough to wear shoes, as some doors are not so gentle; call them bone breakers!
- The Sorensen appointment: everyone talks about and quotes the 35th U.S. President, John F. Kennedy, who presented motivating speeches, but no one talks about Theodore Chaikin Sorensen, the American lawyer, writer, and presidential adviser who wrote his speeches and whom JFK called his “intellectual blood bank”. Everyone talks about the heroes, but who makes the capes? In this method, social engineers pretend to have a meeting with the unpopular Sorensen; who will object when he is unpopular? Besides, this method is most effective where Sorensen keeps religiously to his routines and it is known that he will not be at the office during his coffee break. The idea is, if Sorensen is unavailable, he can’t say whether there is an appointment.
It is now obvious that the least security measure, watching the door shut behind you, should not be taken for granted.
Below are some ways to prevent a tailgating attack.
How to prevent Tailgating attacks
To address and prevent this, we must think like the malefactor and run his mental game, with a penetration test where tech solutions are needed. This exposes potential threats behind back doors, and even unlocked front doors, that you would have quickly dismissed as nothing.
To prevent tailgating attacks, the following points may come in handy for organizations:
- Ensure your workers are given access cards to authorized areas and educate them on why those cards should be with them.
- Sweep the premises of your work environment and ensure all systems slated for shutdown have been shut down after work; check the doors as well.
- Put up “No strangers allowed” restriction signs and inform security personnel of their duties, if any.
- All external orders should be received outside the premises.
- Check for your access or identification card every time you leave the office and before you return.
- Mount surveillance systems and implement other security measures.
- Finally, organize training on workplace security consciousness and ensure they are applied.
Remember, tailgating does not only cause physical damage; it also poses a threat to the non-physical aspects of your organization, like the company's financial data and development plans. Tailgating is simply baiting in social engineering, and it could work effectively with phishing as a cybercrime.