Jibi Moses, March 24, 2026
While they sound like something you’d do at a football stadium or a playground, in the world of cybersecurity and physical security, tailgating and piggybacking are serious social engineering threats.
Here is a deep dive into what they are, how they differ, and how to stay safe.
Defining the Terms:
Tailgating (The “Slide-In”)
Tailgating occurs when an unauthorized person follows an authorized person into a restricted area without their knowledge or consent. For example, an employee swipes their badge to enter a secure office building. A stranger, perhaps dressed as a delivery person or carrying heavy boxes, slips through the door right behind them before it closes.
Piggybacking (The “Helpful Hand”)
Piggybacking is similar but involves collusion or exploitation of courtesy. In this case, the authorized person is aware of the follower but allows them entry anyway.
The Scenario: An employee holds the door open for someone who “forgot their badge” or claims to be a new hire. The authorized person knows they are letting someone in without proper credentials but does so out of politeness.
The Dangers They Pose
Both methods rely on bypassing the “perimeter” to gain access to sensitive assets. Once an intruder is inside, the risks escalate quickly:
Data Theft: Access to unlocked computers, server rooms, or printed sensitive documents left on desks.
Malware Installation: An attacker can plug a “rubber ducky” USB or other malicious hardware directly into the network.
Physical Harm: Threats to the safety of employees or damage to physical infrastructure.
Intellectual Property Loss: Unauthorized photos of prototypes, whiteboards, or proprietary processes.
Key Differences at a Glance:
| Feature | Tailgating | Piggybacking |
| --- | --- | --- |
| Awareness | The authorized person is usually unaware. | The authorized person is fully aware. |
| Method | Stealth and timing (sneaking in). | Manipulation of social norms/politeness. |
| Interaction | No direct interaction required. | Requires a level of trust or social engineering. |
| Intent | Purely deceptive. | Can involve a “friendly” accomplice or a tricked employee. |
How to Guard Against Them:
While these are primarily physical security issues, they are the “front door” to digital breaches. Here is how you—and your organization—can stay secure:
1. Cultivate a “Security First” Culture
The hardest part of stopping these attacks is overcoming the urge to be “polite.”
Don’t hold the door: It feels rude, but in a high-security environment, everyone must scan their own badge.
Challenge strangers: If you see someone without a visible ID badge, kindly ask, “Can I help you find who you’re looking for?” or escort them to the reception desk.
2. Physical Barriers
Technology can take the “politeness” variable out of the equation:
Turnstiles & Mantrap Doors: High-security areas can use “mantraps” (a small space with two sets of doors where the second won’t open until the first is closed and the person is verified).
Smart Cameras: Modern AI-integrated CCTV can detect when two people enter on a single badge swipe and alert security.
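The "two people on a single badge swipe" check can also be run over access-control logs. The sketch below is an added example, not code from the article or from any specific product; the log format, the event names (BADGE_OK, PASS, DOOR_CLOSE), the passage sensor and the 10-second grant window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

GRANT_TTL = timedelta(seconds=10)  # assumed: how long one swipe authorizes one passage

# Constructed sample events: ISO time, door, event, badge id (empty for sensor events)
SAMPLE_LOG = """\
2026-03-24T08:59:50,lobby,BADGE_OK,E1001
2026-03-24T08:59:52,lobby,PASS,
2026-03-24T09:00:10,lobby,BADGE_OK,E1002
2026-03-24T09:00:12,lobby,PASS,
2026-03-24T09:00:14,lobby,PASS,
2026-03-24T09:00:20,lobby,DOOR_CLOSE,
2026-03-24T09:05:00,server-room,BADGE_OK,E1003
2026-03-24T09:05:30,server-room,PASS,
2026-03-24T09:06:00,lobby,BADGE_OK,E1004
2026-03-24T09:06:01,lobby,BADGE_OK,E1005
2026-03-24T09:06:03,lobby,PASS,
2026-03-24T09:06:04,lobby,PASS,
"""

def find_unbadged_entries(log_text, ttl=GRANT_TTL):
    """Return one alert per passage that no fresh badge grant accounts for."""
    grants = defaultdict(deque)   # door -> timestamps of grants not yet used
    last_badge = {}               # door -> most recent badge seen, for follow-up
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        ts_raw, door, event, badge = (f.strip() for f in line.split(","))
        ts = datetime.fromisoformat(ts_raw)
        if event == "BADGE_OK":
            grants[door].append(ts)
            last_badge[door] = badge
        elif event == "DOOR_CLOSE":
            grants[door].clear()          # unused grants do not survive a closed door
        elif event == "PASS":
            queue = grants[door]
            while queue and ts - queue[0] > ttl:
                queue.popleft()           # expired: swiped but never walked through
            if queue:
                queue.popleft()           # one badge, one entry
            else:
                alerts.append({"time": ts_raw, "door": door,
                               "last_badge": last_badge.get(door)})
    return alerts

if __name__ == "__main__":
    for alert in find_unbadged_entries(SAMPLE_LOG):
        print(alert)
```

On the constructed sample this flags the second person through the lobby at 09:00:14 and the server-room passage that arrives 30 seconds after its swipe, while two colleagues who each badge in back to back raise nothing.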
3. Digital Hygiene for Internet Users
If a tailgater gets into your office, your digital habits are your last line of defense:
Lock your screen: Use the shortcut Win + L (Windows) or Cmd + Ctrl + Q (Mac) every single time you leave your desk, even for a coffee refill.
Privacy Screens: Use physical filters on your monitor so people walking by (or sneaking in) can’t read your data.
Report Missing Badges: If you lose your access card, report it immediately so it can be deactivated before it’s used for a piggybacking attempt.
Building a Human Firewall
While sophisticated encryption and firewalls protect our digital assets, tailgating and piggybacking remind us that the physical perimeter is often the most vulnerable link in the security chain. These tactics don’t bypass locks with tools; they bypass them by exploiting human nature—our desire to be helpful, our hesitation to confront others, and our simple lapses in situational awareness.
Ultimately, preventing these breaches requires a shift in mindset. Security is not just the responsibility of a front-desk guard or an automated sensor; it is a collective habit. By normalizing the “one badge, one entry” rule and feeling empowered to challenge unrecognized individuals, we transform from passive targets into active defenders.
In an era where a single unauthorized person with a USB drive can compromise an entire global network, remember: Politeness should never come at the cost of protection. Staying vigilant at the door is the first, and perhaps most critical, step in keeping your data, your colleagues, and your workplace safe.
About The ClarityDesk
The ClarityDesk is a media integrity project based in South Sudan dedicated to promoting truth, transparency, and accountability. Working at the intersection of fact-checking, solutions and data journalism, we verify claims, debunk misinformation, and equip the public with tools to critically evaluate information. Our work is guided by accuracy, independence, and the public interest.







