Tailgating is an attack where the attacker slips into a secure area by following an authorized employee. The employee doesn't know that anyone is behind them. For example, an employee might enter the company lobby by using an access card on the locked entrance. They open the door wide and let it close by itself, not looking to see if anyone's behind them. The attacker then quietly moves to the door as it's closing and stops it, then walks in. Tailgating requires several factors to be effective: the doors must not close too quickly; the followed employee must not be paying attention; and there must not be an attentive guard or other personnel waiting on the other side.

Piggybacking is essentially the same thing, but in this case, the target knows someone is following behind them. The target might know the attacker personally and be complicit in their attack, or they might be ignorant of what the attacker is doing. For example, if the attacker was recently terminated from the company, the target might not know this and assume it's just another day at the office. However, it's more likely that the target doesn't know the attacker, but is just keeping the door open for them out of common courtesy. The target may also let the attacker through in order to avoid confrontation. Piggybacking will be less effective, though, in smaller organizations where everyone knows everyone else, or in environments where building access is strongly controlled.

Piggybacking and tailgating are also examples of how you can use social engineering as part of a physical attack. For example, one of the easiest ways for an intruder to enter an access-controlled building would be to slip in with employees as they return after a fire drill.