Having physical access to a target opens a world of new possibilities for an attacker, and sometimes obtaining physical access can be easier than breaking in using technology. These strategies are centered around bypassing physical security or obtaining credentials in person rather than through a computer.
Tailgating refers to the act of following someone through a secure door before that door can close. (“What? That counts as a cybersecurity attack?” you ask? Yes, it can be that simple.)
Dumpster diving is, exactly as it sounds, the process of going through trash to obtain sensitive information. While this might sound ridiculous, it’s more common than you might think. Organizations often improperly dispose of sensitive documents in a way that leaves them readable by social engineers. Lots of information can be obtained this way, from passwords on sticky notes to information on employees to tax invoices. Make sure to shred your important papers!
Shoulder surfing refers to the act of looking over someone’s shoulder as they type their password. While this does take some practice on the part of the social engineer, it is a very effective way of obtaining credentials… as long as they’re able to do it without getting caught!