Adversarial Risk Group

What is a tailgating attack (piggybacking)?

Tailgating is the practice of an unauthorized person following an authorized person through a controlled entry point, without using their own credentials.

Key takeaways

  • Tailgating is the most common physical attack technique against mid-market manufacturers because it exploits the most common entry pattern: a person opens the door, and someone else walks in behind them.
  • Defense is social, not technical. Anti-tailgating sensors help in lobbies and at single-person turnstiles; they do not help at delivery gates, smoking-area doors, or large employee entrances.
  • The right control culture lets a junior employee challenge a senior employee without social cost. The wrong culture makes that challenge career-affecting.
  • For manufacturers, the highest-risk tailgating windows are shift change, delivery hours, lunch return, and bad-weather doors-held-open behavior.
  • Tailgating findings are workflow findings. Remediation usually changes staffing, scheduling, and signage, not technology.

How does a tailgating attack work in practice?

A tailgating attack is the simplest entry technique because it exploits courtesy. The attacker does not need lock picks, badge-cloning hardware, or elaborate pretext identification. The attacker needs to be near someone who is opening a door and to behave as though they belong.

The mechanics:

  1. The attacker positions themselves near a controlled entry at a moment when staff are distracted, hurried, or in a normal-flow pattern: shift change, the morning entry rush, post-lunch return, delivery hours.
  2. An authorized person presents a badge or opens a door.
  3. The attacker walks in immediately behind, often offering a friendly nod or a "thanks". Hands full, looking at a phone, or carrying coffee removes the need for the attacker to interact with the door.
  4. Once inside, the attacker behaves as though they have a destination. Confidence is the disguise.

The technique works because the social cost of challenging a stranger is higher than the social cost of letting them through. Employees who have been trained in security awareness still do not challenge tailgaters, because the workplace norms around politeness override the security norms. Defense has to change the workplace norm, not just the security training.

The four most common tailgating scenarios on a manufacturing site

Across mid-market manufacturer engagements, four scenarios produce the majority of successful tailgating events.

1. Delivery-window gate. Between 6:30 and 8:30 a.m. (and again in the late afternoon), trucks arrive, gate staff are managing throughput, and the queue produces wave entries. A pretexted vendor in a vehicle with a magnetic sign, or on foot in a high-visibility vest, joins the wave. See "What is pretexting?".

2. Employee entrance at shift change. The first-shift entry between 6:45 and 7:15 a.m., or the day-to-swing handoff at 2:30 to 3:00 p.m., produces a dense flow at the employee entrance. Badge readers may be present, but throughput pressure makes one badge for two people a normal-looking event.

3. Smoking-area or break-area door. Designated break areas have a door that is propped open or repeatedly opened during breaks. The door is the entire perimeter for that period. Cameras may be present; nobody is watching them in real time.

4. Side or back doors during bad weather. Doors close more slowly when the wind pushes them, snow or rain produces gathered crowds at side entrances, and employees hold doors for each other out of courtesy. Bad weather doubles the tailgating success rate on its own.

A facility with otherwise good controls can have all four of these gaps simultaneously because they are not the gaps most security programs measure.

Why turnstiles, mantraps, and badges fail in real operations

The technology stack of facility access (badge readers, turnstiles, mantraps, anti-tailgating sensors) is designed for an idealized flow that the actual workforce does not produce. Three failure modes:

  1. Throughput pressure. A mantrap that admits one person per six seconds is too slow for a 200-employee shift entry concentrated in fifteen minutes. The workaround is to prop the inner door open during the shift entry window. The mantrap becomes a corridor.
  2. Delivery and vendor flow exceptions. Vendors with carts, deliveries with pallets, and trade contractors with toolboxes need wider doors than the turnstile lane. Side doors with badge readers but no anti-tailgating sensors handle this flow. The wider doors are the path of least resistance for both legitimate and unauthorized entry.
  3. Social override of technical controls. A person whose badge does not read on the first try waits for the next badge and walks in on someone else's authentication. The badge system records one entry; two people walked in. There is no detection without a sensor; sensors are absent at most non-lobby entries.

The technical stack is necessary as a floor but not sufficient as a defense. The workflow and culture do the rest of the work.

Examples of tailgating incidents and their outcomes

What ARG sees during physical engagements at mid-market manufacturers:

  • Twelve-minute path from gate to engineering network closet. Pretext: vendor field-service technician arriving during morning delivery rush. Gate waves the vehicle through. The technician enters via the open delivery door behind a forklift driver, walks straight to the engineering area, and reaches the unattended network closet. Three challenges expected along the way; zero received.
  • Smoking-area entry to executive corridor. Employees prop the back door for repeated entry during 10 a.m. and 3 p.m. breaks. A pretexted "new hire" stands with them for a minute, walks in with the returning group, and is in the executive corridor within four minutes.
  • Side-door entry during shift change. First-shift entry queue at 6:45 a.m. A pretexted electrician in a high-visibility vest stands at the side door, holds it for a returning maintenance employee, and walks in with the next wave. Nobody asks for ID for the next ninety minutes.
  • Lobby tailgating after lobby attendant break. Front-desk attendant on a 10:30 break. Visitors arriving for legitimate meetings hold the door for a stranger who walks in confidently. The stranger reaches an executive's office area before the attendant returns.
  • Vehicle tailgating at gate with badge reader. Gate badge reader requires an employee badge. The employee badges in; the gate opens; a second vehicle close behind the first follows through before the gate closes. Used legitimately by carpools; exploitable by anyone with a vehicle.

Each finding is repeatable. Each one has a procedural remediation.

How to train employees to challenge tailgaters without confrontation

The cultural change is what produces the durable improvement. Training that asks employees to "challenge tailgaters" without giving them a script or removing the social cost rarely changes behavior.

Five elements that produce real behavior change:

  1. Pre-authorized scripts. The organization writes the words employees use: "I do not recognize you, can I help you find someone?" or "Reception is just over there, they will get you signed in." The script makes the challenge professional and routine.
  2. Removed social cost. The organization commits in writing: no employee is penalized for challenging anyone, including executives, vendors, or board members. The commitment is repeated by leadership in person, not just published.
  3. Modeled behavior from the top. Executives and senior staff are visibly challenged sometimes (as part of authorized testing) and respond by thanking the challenger. The story is told. Junior employees see that the challenge is welcomed.
  4. Easy escalation path. Employees who are unsure call reception or security from any internal phone. The escalation is a number anyone can dial, not an org-chart traversal.
  5. Continuous, low-key reinforcement. Adaptive simulation includes physical pretexts on the cadence of an actual visit pattern. Surfacing rates are tracked over time and reported back to the workforce informationally, not punitively.

Without these elements, training campaigns produce posters and forgotten quizzes. With them, surfacing rates measurably improve quarter over quarter.

Best practices for physical entry controls that resist tailgating

  1. Visitor management at every staffed entry. Pre-registered visitors, photo on entry, escorted at all times, badge expires by end of day. Pre-registration is the choke point; pretexts cannot pre-register themselves. See "What is a physical security audit?".
  2. Delivery and vendor workflow separation. Deliveries enter a delivery-only area that does not have a path to the main building. Vendors with building access are pre-registered, badged on arrival, and escorted to their destination. Trade contractors have managed work orders with named escort.
  3. Anti-tailgating sensors where the geometry allows. Lobby mantraps and single-person turnstiles benefit from optical/lidar tailgating detection. Costs are recovered through reduced front-desk attendant staffing.
  4. Camera coverage with real review. Cameras at every controlled entry, with daily or weekly review of unattended-door events. Coverage without review is theater.
  5. Door alarms that escalate. Doors held open beyond a defined window (60 seconds, 5 minutes) generate alerts that route to a real person who responds. The default of "doors chime locally only" is insufficient.
  6. Bad-weather and shift-change staffing. Reception or security staffing scales up during predictable high-volume periods. Not for theater; for actual interaction with the entry flow.
  7. Continuous physical-pretext simulation. Tailgating is exercised in every ARG engagement during on-site weeks. The metric is challenge rate by entry, by time of day, by pretext family.
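An added example (not ARG's code) of the escalating held-open door alarm from item 5: it reads door-contact events and routes each door by how long it stayed open, including doors that are still propped. Using 60 seconds and 5 minutes as two escalation tiers, the event format, the door names and the routing targets are all assumptions.

```python
from datetime import datetime, timedelta

# Assumption: the page's two figures used as escalation tiers, longest first.
# Routing targets are hypothetical names.
TIERS = [(timedelta(minutes=5), "on-call supervisor"),
         (timedelta(seconds=60), "security desk")]

# Constructed sample door-contact events: (ISO timestamp, door, state).
EVENTS = [
    ("2026-01-12T06:44:00", "lobby", "open"),
    ("2026-01-12T06:44:20", "lobby", "closed"),
    ("2026-01-12T06:45:00", "side door", "open"),
    ("2026-01-12T06:52:30", "side door", "closed"),
    ("2026-01-12T07:00:00", "delivery door", "open"),
    ("2026-01-12T07:04:00", "delivery door", "closed"),
    ("2026-01-12T10:00:00", "break-area door", "open"),  # propped, never closed
]

def route_for(held):
    """Return who is alerted for a held-open duration, or None if within limits."""
    for limit, target in TIERS:
        if held > limit:
            return target
    return None

def held_open_alerts(events, now):
    """Alerts for doors held open too long; doors still open are measured to `now`."""
    opened, alerts = {}, []

    def check(door, start, end, still_open):
        target = route_for(end - start)
        if target:
            alerts.append({"door": door, "held_seconds": int((end - start).total_seconds()),
                           "still_open": still_open, "route_to": target})

    for ts, door, state in sorted(events):
        t = datetime.fromisoformat(ts)
        if state == "open":
            opened.setdefault(door, t)      # keep the first open of a cycle
        elif door in opened:
            check(door, opened.pop(door), t, still_open=False)
    for door, start in opened.items():      # propped doors alert before they close
        check(door, start, now, still_open=True)
    return alerts

if __name__ == "__main__":
    for alert in held_open_alerts(EVENTS, now=datetime(2026, 1, 12, 10, 3)):
        print(alert)
```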

Tailgating FAQs

Is tailgating considered a security breach?

Yes. Any unauthorized access to a controlled area is a security breach, regardless of how it happened. Even when the tailgater is later found to be harmless (a confused visitor, a lost contractor), the failure of the entry control is a documentable incident. For regulated industries, repeated tailgating events become an auditable finding.

Do anti-tailgating sensors actually work?

Optical and lidar tailgating sensors work in controlled-lobby environments where the entry is a single-person turnstile or mantrap. They do not work for vehicle gates, delivery entrances, smoking-area doors, or large double-door employee entrances. In most mid-market manufacturers, the entries most often tailgated are not the entries the sensors cover.

The organization is generally liable for foreseeable harm caused by failures of its physical security controls. Documented tailgating events that go unaddressed, where a subsequent incident causes loss or injury, are evidence that the harm was foreseeable. Practical defense is to treat tailgating as an incident category, document the events, and act on the trend, not just the worst case.

How does tailgating differ from piggybacking?

The terms are often used interchangeably. Some practitioners distinguish: tailgating means following someone through without their knowledge, piggybacking means following with their knowledge or active assistance (held door, waved through). Both are unauthorized access; the defense (challenge culture, sensor coverage, badge policy) is the same.

How ARG tests tailgating resistance during on-site audits

Tailgating is the most reliably exploitable physical vector at mid-market manufacturers, and it is the first one ARG exercises during on-site engagement weeks. The test produces direct evidence of which entries hold, which entries do not, and how the workforce responds when a stranger is on the wrong side of the door.

Testing is conducted by David Ashby, drawing on a manufacturing background at Quality Electrical Systems. The operator's familiarity with shift dynamics, delivery flow, and trade-contractor patterns lets the pretexts ride the real operational rhythm. Pretexts rotate by engagement: a vendor technician during the morning delivery window, a "new hire on first day" at shift entry, an inspector at reception, a maintenance contractor at a side door. Each attempt is logged: entry attempted, time, pretext, outcome (admitted, challenged, escorted), challenge quality (engaged, polite, performative, none).

Findings consolidate into the engagement report alongside the badge cloning, pretexting, and physical security audit findings. The remediation backlog covers staffing, training, signage, technology, and policy in priority order by exploitability and business impact.

Re-testing during subsequent on-site engagements measures the change. Surfacing rates rise over time as the workforce internalizes the challenge habit. Pretexts that worked in year one rarely succeed in year three at the same facility; the engagement evolves the test as the facility evolves the defense.
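An added example (not ARG's tooling) of the metric described above: challenge rate by entry, by time of day and by pretext family, computed from an attempt log with the fields the page lists. The sample rows are constructed, and counting "challenged" and "escorted" as a challenge, and only "engaged" or "polite" as effective, is an assumption.

```python
from collections import defaultdict

# Vocabulary taken from the page's description of the attempt log.
OUTCOMES = {"admitted", "challenged", "escorted"}
QUALITIES = {"engaged", "polite", "performative", "none"}
# Assumption: which outcomes count as a challenge, and which qualities as effective.
CHALLENGED = {"challenged", "escorted"}
EFFECTIVE = {"engaged", "polite"}

FIELDS = ("entry", "time", "pretext", "outcome", "quality")
# Constructed sample log, not real engagement data.
ATTEMPTS = [dict(zip(FIELDS, row)) for row in [
    ("delivery gate", "07:10", "vendor technician", "admitted", "none"),
    ("delivery gate", "07:40", "vendor technician", "admitted", "none"),
    ("employee entrance", "06:50", "new hire", "challenged", "performative"),
    ("employee entrance", "14:45", "new hire", "admitted", "none"),
    ("reception", "10:30", "inspector", "escorted", "engaged"),
    ("reception", "13:05", "inspector", "challenged", "polite"),
    ("side door", "06:45", "maintenance contractor", "admitted", "none"),
    ("side door", "15:00", "maintenance contractor", "challenged", "engaged"),
]]

def challenge_rates(attempts, key):
    """Group attempts by key(attempt); return per-group counts and rates."""
    groups = defaultdict(list)
    for a in attempts:
        if a["outcome"] not in OUTCOMES or a["quality"] not in QUALITIES:
            raise ValueError(f"unknown outcome or quality in {a}")
        groups[key(a)].append(a)
    rates = {}
    for group, rows in groups.items():
        hit = [r for r in rows if r["outcome"] in CHALLENGED]
        good = [r for r in hit if r["quality"] in EFFECTIVE]
        rates[group] = {"attempts": len(rows),
                        "challenge_rate": len(hit) / len(rows),
                        "effective_rate": len(good) / len(rows)}
    return rates

def weakest_first(rates):
    """Order groups for remediation: lowest challenge rate, then lowest effective rate."""
    return sorted(rates, key=lambda g: (rates[g]["challenge_rate"], rates[g]["effective_rate"]))

by_entry = challenge_rates(ATTEMPTS, lambda a: a["entry"])
by_hour = challenge_rates(ATTEMPTS, lambda a: a["time"][:2] + ":00")
by_pretext = challenge_rates(ATTEMPTS, lambda a: a["pretext"])

if __name__ == "__main__":
    for name in weakest_first(by_entry):
        print(name, by_entry[name])
```

Tracking the effective rate separately keeps a performative challenge, one that is voiced but does not stop the entry, from inflating the trend between engagements.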


Author: David Ashby
Updated: 2026-05-18
Adversarial Risk Group