what is tailgating in social engineering
Tailgating in social engineering is when an unauthorized person physically follows an authorized person into a secure or restricted area, bypassing access controls by exploiting politeness and trust.
What tailgating in social engineering means
- An attacker waits near a secure door and slips in right behind someone who has valid access, such as an employee badging in.
- It is a physical social engineering attack: instead of hacking systems, the attacker manipulates human behavior (like courtesy or reluctance to confront strangers) to get inside.
- This can be done in offices, data centers, hospitals, campuses, or any place with card readers, turnstiles, or locks meant to keep outsiders out.
In simple terms: tailgating is âfollowing someone through a secure door youâre not allowed to use, counting on them not to stop you.â
How tailgating typically works
Common patterns include:
- Attacker waits by an access-controlled door.
- An employee badges in or unlocks the door.
- Attacker walks in immediately behind, often very casually.
- The employee assumes the person belongs there, or feels awkward challenging them.
Mini âstoryâ example:
An office worker swipes their card to enter the server room. Behind them, a person in a high-vis vest, carrying a toolbox, speeds up and says, âThanks, Iâm here to check the air conditioning.â The worker, not wanting to seem rude, holds the door. The âtechnicianâ is actually a social engineer who now has direct access to critical equipment and machines.
Why tailgating is dangerous
Once inside, an attacker can:
- Access unlocked workstations or plug in malware via USB drives.
- Steal laptops, documents, prototypes, or storage devices.
- Plant hardware keyloggers or rogue network devices.
- Observe layouts, badges, and procedures to plan more advanced attacks.
Security systems like card readers, biometrics, and firewalls are weakened if someone can simply walk in behind an authorized person.
Tailgating vs. related terms
| Term | What it is | Key detail |
|---|---|---|
| Tailgating | Unauthorized person follows an authorized person into a restricted area. | Often without the victimâs clear awareness; relies on inattention and social norms. | [3][7]
| Piggybacking | Very similar to tailgating; sometimes used interchangeably. | Often defined as the intruder gaining access with the explicit or implicit consent of the authorized person (e.g., âCan you hold the door?â). | [7][3]
| Pretexting | Attacker fabricates a convincing story or role to gain information or access. | Can be remote or physical; tailgating often uses a pretext like âdelivery driverâ or âIT technician.â | [2][9]
Common tailgating tactics and red flags
Attackers often:
- Pose as:
- Delivery drivers with packages or branded clothing.
- Maintenance or IT staff with tools or clipboards.
- New employees who âforgot their badge.â
- Use social pressure:
- Hands full of boxes, asking you to âget the door.â
- Rushing and looking stressed: âIâm late for a meeting; can you let me in?â
- Standing close behind at a turnstile so both pass on a single authorization.
Red flags to watch for:
- Someone without a visible badge in a badge-required area.
- People loitering near doors, waiting for others to enter.
- Anyone who seems more focused on âgetting inâ than on where theyâre going or who theyâre meeting.
How to prevent tailgating
Organizations typically combine technology, policy, and training:
- Physical and technical controls:
- Turnstiles, mantraps, and revolving doors that admit one person per authentication.
- Doors that close quickly and require re-authentication for each entry.
- CCTV and security personnel at key entrances.
- Policies:
- Mandatory visible badges inside secure areas.
- Strict visitor sign-in and escort requirements with clearly marked visitor badges.
- Clear rules: âNever let anyone piggyback through a secure door, even if it feels rude.â
- Awareness training:
- Teaching employees that it is acceptableâand expectedâto challenge unfamiliar faces.
- Scenario-based training (videos, drills) showing common tailgating tricks.
- Regular reminders that âphysical security is part of cybersecurity.â
Quick mental rule employees can use:
âIf I wouldnât vouch for this person personally, I shouldnât let them in.â
Bottom note: Information gathered from public forums or data available on the internet and portrayed here.