Tailgating in social engineering is when an unauthorized person physically follows an authorized person into a secure or restricted area, bypassing access controls by exploiting politeness and trust.

What tailgating in social engineering means

  • An attacker waits near a secure door and slips in right behind someone who has valid access, such as an employee badging in.
  • It is a physical social engineering attack: instead of hacking systems, the attacker manipulates human behavior (like courtesy or reluctance to confront strangers) to get inside.
  • This can be done in offices, data centers, hospitals, campuses, or any place with card readers, turnstiles, or locks meant to keep outsiders out.

In simple terms: tailgating is “following someone through a secure door you’re not allowed to use, counting on them not to stop you.”

How tailgating typically works

Common patterns include:

  1. Attacker waits by an access-controlled door.
  2. An employee badges in or unlocks the door.
  3. Attacker walks in immediately behind, often very casually.
  4. The employee assumes the person belongs there, or feels awkward challenging them.

Mini “story” example:

An office worker swipes their card to enter the server room. Behind them, a person in a high-vis vest, carrying a toolbox, speeds up and says, “Thanks, I’m here to check the air conditioning.” The worker, not wanting to seem rude, holds the door. The “technician” is actually a social engineer who now has direct access to critical equipment and machines.

Why tailgating is dangerous

Once inside, an attacker can:

  • Access unlocked workstations or plug in malware via USB drives.
  • Steal laptops, documents, prototypes, or storage devices.
  • Plant hardware keyloggers or rogue network devices.
  • Observe layouts, badges, and procedures to plan more advanced attacks.

Security systems like card readers, biometrics, and firewalls are weakened if someone can simply walk in behind an authorized person.

Tailgating vs. related terms

[3][7] [7][3] [2][9]
Term What it is Key detail
Tailgating Unauthorized person follows an authorized person into a restricted area. Often without the victim’s clear awareness; relies on inattention and social norms.
Piggybacking Very similar to tailgating; sometimes used interchangeably. Often defined as the intruder gaining access with the explicit or implicit consent of the authorized person (e.g., “Can you hold the door?”).
Pretexting Attacker fabricates a convincing story or role to gain information or access. Can be remote or physical; tailgating often uses a pretext like “delivery driver” or “IT technician.”

Common tailgating tactics and red flags

Attackers often:

  • Pose as:
    • Delivery drivers with packages or branded clothing.
    • Maintenance or IT staff with tools or clipboards.
    • New employees who “forgot their badge.”
  • Use social pressure:
    • Hands full of boxes, asking you to “get the door.”
    • Rushing and looking stressed: “I’m late for a meeting; can you let me in?”
    • Standing close behind at a turnstile so both pass on a single authorization.

Red flags to watch for:

  • Someone without a visible badge in a badge-required area.
  • People loitering near doors, waiting for others to enter.
  • Anyone who seems more focused on “getting in” than on where they’re going or who they’re meeting.

How to prevent tailgating

Organizations typically combine technology, policy, and training:

  • Physical and technical controls:
    • Turnstiles, mantraps, and revolving doors that admit one person per authentication.
    • Doors that close quickly and require re-authentication for each entry.
    • CCTV and security personnel at key entrances.
  • Policies:
    • Mandatory visible badges inside secure areas.
    • Strict visitor sign-in and escort requirements with clearly marked visitor badges.
    • Clear rules: “Never let anyone piggyback through a secure door, even if it feels rude.”
  • Awareness training:
    • Teaching employees that it is acceptable—and expected—to challenge unfamiliar faces.
    • Scenario-based training (videos, drills) showing common tailgating tricks.
    • Regular reminders that “physical security is part of cybersecurity.”

Quick mental rule employees can use:

“If I wouldn’t vouch for this person personally, I shouldn’t let them in.”

Bottom note: Information gathered from public forums or data available on the internet and portrayed here.