By: Karen Cohen on April 30, 2022

What Is Tailgating? What Is Piggybacking? (The Differences & Risks)


People who want to gain unauthorized access to information often use social engineering tactics that capitalize on human instincts. Tailgating and piggybacking are social engineering tactics that have nothing to do with riding the bumper of the car in front of you on the highway, playing cornhole at a football game, or carrying someone on your back. 

At Kelser, we provide comprehensive IT solutions that minimize the opportunity for social engineering tactics like tailgating and piggybacking. In this article, I’ll explain what these two social engineering tactics are, who may be targeted, and how they put your data at risk. I’ll also explore 7 steps you can take to keep your organization safe. 

Reading this article will give you the information you need to recognize and avoid tailgating and piggybacking ploys.

What Are Tailgating And Piggybacking? 

In the world of cybersecurity, tailgating and piggybacking are in-person social engineering tactics that unauthorized people use to gain access to restricted physical locations that are protected by electronic systems designed to limit access. 

Whether by tailgating or piggybacking, the perpetrator seeks access to company secrets and financial assets, or seeks to install malware on the company's network.

Who Do Tailgating & Piggybacking Ploys Target?

Tailgating and piggybacking ploys typically target mid-sized organizations that have a workforce large enough for a perpetrator to blend in, but that don’t have the high levels of security that exist at larger companies. Having said that, small and large organizations are not immune.

What Do Tailgating & Piggybacking Ploys Look Like? 

There are different kinds of tailgating and piggybacking tactics. Unlike other forms of social engineering, both are in-person attacks.

Tailgating is when someone gains access to a restricted area by sneaking in without the knowledge of the person providing access. In other words, an employee swipes in with a badge and the perpetrator sneaks in behind them.

Piggybacking is when the authorized person realizes that they’ve let someone in, but assumes they have a legitimate reason for being there, as in the pizza delivery example mentioned earlier. The perpetrator often can provide the name and department of an employee (and sometimes the telephone number as well) from the company website.

Other times, piggybacking happens when a perpetrator tries to enter a large company by making small talk with an employee who is walking into the building in the hopes that the employee will hold the door. The perpetrator may even go so far as to “admit” that they forgot their badge or may claim to have a meeting with an employee that they mention by name. 

A piggybacking perpetrator may have their hands full with several bags or boxes. Or they may pretend to be in the middle of an important telephone call.

While security at many companies has grown tighter, it can be easy for a piggybacker to blend in with a group of employees. 

7 Ways To Avoid Becoming A Victim Of A Tailgating Or Piggybacking Attack

There are many ways to minimize the chances of becoming a victim of a tailgating or piggybacking attack.

1. Provide Multiple Layers Of Security For Restricted Areas

In addition to swipe access, biometrics can be used to provide an additional layer of security for restricted areas. Cameras can also be valuable for identifying perpetrators after a tailgating or piggybacking event.

2. Be Mindful When Entering Restricted Areas 

Pay particular attention to people who may be hanging around the entrance. Make sure that nobody follows you when you swipe your badge. Ensure that the door shuts behind you. 

3. Establish & Follow Visitor Policies

If you don’t already have a visitor policy in place, make sure to establish one and communicate it to all employees.

Make sure that all visitors to your facility sign in, verify their identity, and are escorted at all times. Give them readily identifiable badges so that they will be easy to spot and immediately noticed if they gain entrance to a restricted area. 

4. Update Anti-Malware and Anti-Virus Software

Keep your anti-malware and anti-virus software updated and patched. If a perpetrator does gain access to your IT infrastructure, the updated software will provide better protection for your data. Nothing provides 100 percent protection, but the more up-to-date your software, the better protected you will be. 

5. Implement, Update and Follow IT Policies & Procedures

If your organization doesn’t have policies and procedures in place regarding the protection and safe use of technology, implement them. If the policies exist, make sure to review them so they stay current and reflect the latest threats.

Establish policies for reporting social engineering attacks. Make sure that employees know how and when to report suspicious activities.

6. Protect Login Credentials

Login credentials can be extremely valuable to hackers. Multi-factor authentication, strong passwords, and password managers provide extra layers of security to protect this information.

7. Provide Employee Cybersecurity Awareness Training

Employees can be your strongest defense against cybersecurity threats, but only if they know about them. Regular cybersecurity awareness training for all employees is a cost-effective way to ensure that threats like tailgating and piggybacking stay top of mind. Be sure employees understand the role they play in responding to and reporting threats. 

Next Steps To Protect Yourself From Tailgating and Piggybacking Attacks

After reading this article, you have a full understanding of tailgating and piggybacking attacks. You understand the similarities and the differences. You know they are both in-person social engineering ploys.

We’ve talked about the organizations that these attacks target, what they look like, and 7 steps you can take to avoid becoming a victim. 

Kelser provides comprehensive managed IT services that help keep our customers protected from a variety of social engineering attacks, but we know that managed IT isn’t the right solution for every organization.

Whether you work with us or not, we are committed to providing honest, easy-to-understand information you can use to select the IT solutions that will keep your organization’s IT infrastructure and data safe. 

Read this article to find out everything you need to know about managed IT: What Does A Managed Service Provider (MSP) do? (Essential & Premium Services)

About Karen Cohen

Karen brings unending curiosity to her role as Kelser's Content Manager. If you have a question, she wants to know the answer.
