Security+ Academy · Lesson

Physical Social Engineering: Tailgating and Baiting

Learn how attackers bypass physical security through tailgating, piggybacking, and baiting (USB drops), and the defenses that stop them.

When Attackers Walk In the Front Door

Not all attacks happen remotely. Physical social engineering involves manipulating people and bypassing physical security controls to gain unauthorized access to buildings, server rooms, or sensitive areas. The consequences can be severe: an attacker with physical access to a server can install a hardware keylogger, steal drives, connect a rogue device to the internal network, or walk out with unencrypted backup tapes. Physical and logical security must be considered together — a perfect network defense is undermined by an unlocked data center door.

Tailgating and Piggybacking

Tailgating occurs when an unauthorized person follows an authorized employee through a secured door before it closes, without the employee's knowledge. The attacker may carry boxes, wear a uniform, or simply look like they belong so that nobody challenges them. Piggybacking is similar, but the authorized person is aware and gives (mistaken) consent — for example, an employee holds the door open for someone claiming to be a visitor waiting for their badge to be processed. Both bypass physical access controls without any technical exploit. Mantraps eliminate both by ensuring only one person passes at a time.

# Physical access control defenses:
# Mantrap (airlock/access control vestibule):
#   - Two interlocked doors: only one can open at a time
#   - Person enters chamber, first door closes, identity verified
#   - Only then does inner door unlock
#   - Prevents both tailgating and piggybacking

# Employee policy:
#   - Challenge anyone without visible badge
#   - Never hold door for unverified individuals
#   - Escort visitors at all times in secure areas
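The mantrap sequence above, modeled as a small interlock state machine. This is an added example, not code from the lesson; the badge IDs in the allow list, the occupancy count and the event strings are constructed for illustration.

```python
# Added example (not from the lesson): access control vestibule (mantrap) logic.
# Badge IDs in `allowed` are constructed placeholders.
from dataclasses import dataclass, field


@dataclass
class Mantrap:
    allowed: frozenset = frozenset({"B-1001", "B-1002"})  # constructed allow list
    outer_open: bool = False
    inner_open: bool = False
    occupants: int = 0   # what an occupancy sensor or floor mat would report
    events: list = field(default_factory=list)

    def _open(self, door: str) -> None:
        # Interlock: the two doors are never open at the same time.
        other_open = self.inner_open if door == "outer" else self.outer_open
        if other_open:
            raise RuntimeError(f"interlock violation: cannot open {door} door")
        setattr(self, f"{door}_open", True)

    def _close(self, door: str) -> None:
        setattr(self, f"{door}_open", False)

    def _release(self) -> None:
        # Send the occupant(s) back out through the outer door; inner stays shut.
        self._open("outer")
        self.occupants = 0
        self._close("outer")

    def passage(self, badge: str, people_entering: int) -> str:
        """One entry attempt: outer door, chamber, verification, inner door."""
        self._open("outer")
        self.occupants += people_entering     # people step into the chamber
        self._close("outer")                  # first door closes before any check
        if self.occupants != 1:
            # More than one body in the chamber: tailgating or piggybacking.
            self.events.append(f"ALARM occupants={self.occupants} badge={badge}")
            self._release()
            return "denied: multiple occupants"
        if badge not in self.allowed:
            self.events.append(f"DENY badge={badge}")
            self._release()
            return "denied: badge not authorized"
        # Identity verified with the outer door closed: only now unlock inner door.
        self._open("inner")
        self.events.append(f"ADMIT badge={badge}")
        self.occupants = 0
        self._close("inner")
        return "admitted"
```

Calling `passage()` with two people entering on one badge shows why the occupancy check, not the badge alone, is what defeats piggybacking.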
