During a physical penetration test, an auditor waits by a high-traffic employee entrance that requires badge access. As an employee badges in, the auditor, dressed in a business suit and pretending to be on an important phone call, walks closely behind the employee and enters the facility before the door closes. Which social engineering attack best describes the auditor's method of entry?
The auditor's action of following an authorized employee through a secure entrance without their own credentials is a classic example of tailgating. While the auditor used impersonation by dressing in a suit and pretending to be on a call to avoid suspicion, the specific act of bypassing the physical access control by following someone is tailgating. Shoulder surfing involves observing someone enter their credentials, which did not happen here. Whaling is a form of spearphishing aimed at high-level executives and is not a physical entry technique.