
☐ ☆ ✇ McAfee Blogs

What Are Tailgating Attacks and How to Protect Yourself From Them

By McAfee — November 29th 2022 at 13:46

Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security. 

One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm. 

Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job. 

What is a tailgating attack?

Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers. 

Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver. 

Who’s at risk of tailgating attacks?

Companies, particularly at risk of being targeted by tailgating scams, include those: 

  • With many employees, often moving inside and out of the premises 
  • With multiple entrance points into a building 
  • That receive deliveries of food, packages, documents, and other things regularly 
  • That have many subcontractors working for them 
  • Where employees aren’t thoroughly trained in physical and cybersecurity protocols 

Generally speaking, companies with robust security systems in place — including using biometrics, badges, or other identity and information security measures — are better protected from tailgating and piggybacking attacks.  

But that’s not to say that some smooth-talking fraudster can’t talk someone into letting them in or finding some way around those protections. 

What are common tailgating methods?

Common types of tailgating attacks that you should be aware of on the job include:  

  • Someone walking behind you into a secure area, depending on your common courtesy to keep the door open for them 
  • A courier or delivery driver who aren’t what they seem 
  • Someone with their hands full of items to trick you into opening the door for them 
  • A person who claims they’ve lost their work ID or forgotten it at home, so that you grant them admittance 

How to protect yourself from tailgating attacks 

Protecting yourself from tailgating attacks is partly a matter of learning about the issue, raising your level of awareness on the job, and depending on your employer, putting in place more effective security systems.  

Some solutions include: 

Increased security training

Many companies know how to train employees to recognize, avoid, and cope with online security issues but may forget to provide the same diligence to physical security. How to spot and deal with threats should be part of this training, plus cultivating an awareness of surroundings and people who might be out of place.   

Management should offer a clearly stated security policy taught to everyone, which might insist that no one be allowed into a secure area without the proper pass or identification. As the security policy is updated, all employees should be aware of changes and additions. 

These security measures should be part of an overall protection program, like McAfee+, which includes antivirus software, a firewall, identity monitoring, password management, web protection, and more. 

Smart badges and cards

If you have a large business spread over several floors, it can be hard for employees to know who works there and who doesn’t, leaving them susceptible to tailgating and piggybacking attacks. Requiring smart badges and cards to access restricted areas can help cut back on unauthorized intrusions and provide better access control. 

Building fully staffed reception areas with dedicated security personnel could also be part of a larger security system. 

Biometric scanners

Biometric scanners are an even more advanced way to provide proper authentication for a worker’s identity. They scan a unique physical or audible feature of a person and compare it to a database for approved personnel.  

Examples of biometric security include: 

  • Voice recognition 
  • Iris recognition 
  • Fingerprint scans 
  • Facial recognition 
  • Heart-rate sensors 

Understanding social engineering

One reason people are vulnerable to physical and cyberattacks is that they lack education on social engineering and the kinds of threats it poses.  

Workers need to understand the full range of social engineering techniques and know-how to protect themselves, whether in their social media accounts or physical work environment.  

For their part, companies can use simulated phishing emails and tailgating attacks to raise awareness and underline how to follow protocols in dealing with them. 

Video surveillance

If there are many ways to enter a business, it may make sense to put video surveillance on all entrances. Advanced video surveillance systems can use artificial intelligence (AI) and video analytics to scan the faces of people entering and compare them to a database of employee features. 

Discover how McAfee can help keep devices secure from hacking

Whether at work or at home, people want to be secure from attacks by cybercriminals who seek to take personal information. 

To add a layer of security to all their connected devices — including computers, smartphones, and tablets — an increasing number of people are turning to the comprehensive coverage of McAfee+ 

Features range from advanced monitoring of possible threats to your identity, automatic implementation of virtual private networks (VPNs) to deal with unsafe networks, and personal data clean-up, removing your information from high-risk data broker sites. 

McAfee protection allows you to work and play online with greater peace of mind. 

The post What Are Tailgating Attacks and How to Protect Yourself From Them appeared first on McAfee Blog.

☐ ☆ ✇ McAfee Blogs

The Rise of the Dark Web Gig Economy

By Vishnu Varadaraj — June 17th 2021 at 12:15

The gig economy has become more prevalent in today’s world with the appeal and necessity of flexible work opportunities. Many take advantage of short-term contracts, side jobs, and freelance work to retain more control over how they spend their day and earn their income. However, the proliferation of these flexible work opportunities has transcended into the dark web, allowing individuals to conduct nefarious activities. Rather than contracting handyman or moving services on the dark web, you can find hackers contracting their website hacking services or buyers placing ads looking for a hacker to hire. These acts pose significant risks to online users, given the amount of stolen personal information on dark websites. Take a look at the activities you can expect to find on the dark web and the steps you can take to safeguard your online privacy.

Watch Out for These Dark Web Criminal Activities 

The dark web is part of the public internet that search engines do not index. In other words, what happens on the dark web, stays on the dark web with no traceable records. Most people don’t realize that the dark web is not illegal despite its association with criminal activities. However, the dark web has retained a criminal reputation since it is challenging to track what goes on. As a result, criminals will often frequent the dark web to conduct a variety of illegal transactions, including hacking services. 

Researchers are discovering an uptick in activity on dark web forums that includes buying and selling black hat hacking services. 90% of the activity on these forums is from people looking to hire hackers to infiltrate websites and steal databases. Additionally, 4% of the people frequenting dark web forums requested hacking services related to website hacking and malicious code injection. 

Another 7% of people on the dark web are hackers contracting out their services and tools. These services and tools include web shells, a file uploaded to a server that an attacker can use to execute operating system commands, as well as access to administrative website interfaces and ready-made exploits. Many of the services offered on these forums range in specialties such as site infiltration to data extraction. As a result, they often attract a variety of customers with numerous requests. 

Further, many of the ads seeking hacking services are aimed at database hacking. Those targeting databases are often financially incentivized hackers and companies out to steal their competitor’s information. Databases remain a popular target for hackers since they contain a significant amount of personal information ranging from first and last names to credit card numbers. Cybercriminals can then use this information to commit numerous crimes such as monetary theft, unemployment and tax relief fraud, and identity theft.

For example, the Canada Revenue Agency (CRA) had to suspend approximately 800,000 accounts after discovering matching credentials for sale on the dark web. In a previous data breach, hackers used login credentials to access taxpayer accounts, apply for COVID-19 relief funds, and reroute the funds into their bank accounts. Taxpayers could not log in to their accounts without first taking the necessary steps to regain safe access.

5 Steps to Take After a Data Breach 

Users must protect their online presence and information as these criminal activities continue to escalate in demand. Here are the five must-dos after discovering a data breach to retain your online security.

1. Leverage security software 

Be one of the first to know about a data breach by leveraging security software such as McAfee Total Protection. A comprehensive security solution that includes dark web monitoring actively monitors the dark web for data breaches and exposed information. This information includes but is not limited to your date of birth, email addresses, credit card numbers, and personal identification numbers. Robust security software also provides steps for remediation after a data breach to guide the user to regain control and integrity of their data and privacy.

2. Stay in the know 

Companies are required to notify their customers of a data breach under the PIPEDA legislature. Be on the lookout for breach notices from relevant companies since they are often the first to know about a data breach impacting their online customers. 

Create news alerts for companies that have access to your information to stay notified of the latest events. Additionally, create notifications for your bank and other financial accounts to monitor for suspicious activity such as unauthorized transactions or a drop in credit score. You will be better prepared to mitigate any cybersecurity threats with the right security software and knowledge of the latest risks.  

3. Change your credentials 

Looking back to the 800,00 taxpayers whose accounts were suspended, they could not regain access without first changing their login credentials. Changing your login credentials such as your usernames, passwords, and security questions is a critical first step to take after any data breach.

Changing your credentials prevents hackers from accessing your personal information and ensures that you regain control over your account security. The chances of a hacker accessing your data are exceptionally high if you use the same credentials across different accounts. Thus, it’s essential to change your usernames and passwords regularly to ensure your information remains secure. 

4. Update your passwords 

Just as important as changing your password regularly is changing your password following best practices. Create stronger passwords by using a combination of the following: 

  • Upper case letters 
  • Lower case letters 
  • Numbers 
  • Symbols 

Long passwords with a minimum of 12 characters are also more effective than shorter passwords since it makes it more difficult for a hacker to guess. In sum, ensure all passwords are long, complex, and only used once. Use a password manager with a built-in generator like the one included in McAfee’s Total Protection solution to make it easier to access and manage passwords. 

5. Enable multifactor authentication 

If your credentials are exposed in a data breach, using multifactor authentication will ensure hackers cannot access your information using only your login credentials. So even if your username and password are exposed, there is still a layer of security that hackers will not be able to bypass. Block out unauthorized login attempts by enabling multifactor authentication wherever applicable.  

Safeguard Against Dark Web Activities  

The dark web continues to be a primary destination for cybercrime. Online users must remain cautious about the information they retain in their online accounts and the websites with access to their personal information. Your data security and privacy are not always a guarantee, but the more precautions you take with your online safety, the better protected you will be.  

Stay Updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook. 

The post The Rise of the Dark Web Gig Economy appeared first on McAfee Blogs.
