Piggybacking
What is Piggybacking?
Piggybacking: Unauthorized physical or logical access gained when an authorized person knowingly allows an attacker to follow them past an access control.
Piggybacking is a social-engineering technique in which an attacker obtains entry to a restricted area, network, or session because an authorized user grants them access — often out of politeness, a manufactured pretext, or coercion. Unlike tailgating, piggybacking involves the legitimate user's awareness or implicit cooperation, such as holding a door open for someone carrying boxes or sharing a Wi-Fi password. The attacker leverages trust and social norms rather than defeating the access control itself. Defences include mantraps, badge anti-passback rules, security awareness training, visitor escort policies, and clear procedures requiring everyone to badge in individually.
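As an added example (not part of the original entry), a checker for the badge anti-passback rule named above, run over a constructed badge-reader log: each badge must exit a zone before it can re-enter it, and an exit with no matching entry is the trace left when someone was let in without badging. Badge IDs, reader names and the log tuple layout are assumptions for illustration.

```python
# Constructed sample badge-reader log for the example:
# (timestamp, badge_id, reader, direction, zone)
SAMPLE_EVENTS = [
    ("08:00:01", "B1001", "lobby-in", "in", "lobby"),
    ("08:00:05", "B1002", "lobby-in", "in", "lobby"),
    ("08:15:10", "B1001", "lobby-in", "in", "lobby"),   # B1001 never badged out
    ("08:20:00", "B1003", "lobby-out", "out", "lobby"),  # B1003 never badged in
    ("08:30:00", "B1002", "lobby-out", "out", "lobby"),
]


def check_anti_passback(events):
    """Apply a hard anti-passback rule to an ordered badge event log.

    Returns a list of (timestamp, badge, reason, zone) violations:
      - "re-entry without exit": badge enters a zone it is already inside,
        i.e. it was passed back or the holder was piggybacked out earlier
      - "exit without entry":    badge leaves a zone it never badged into,
        i.e. the holder was let in by someone else
    """
    inside = {}      # badge_id -> zone the badge is currently recorded in
    violations = []
    for ts, badge, _reader, direction, zone in events:
        current = inside.get(badge)
        if direction == "in":
            if current == zone:
                violations.append((ts, badge, "re-entry without exit", zone))
            inside[badge] = zone
        elif direction == "out":
            if current != zone:
                violations.append((ts, badge, "exit without entry", zone))
            inside.pop(badge, None)
    return violations


def badges_present(events):
    """Badges still recorded inside a zone after the log is replayed,
    useful for escort checks and for reconciling against head counts."""
    inside = {}
    for _ts, badge, _reader, direction, zone in events:
        if direction == "in":
            inside[badge] = zone
        else:
            inside.pop(badge, None)
    return inside


if __name__ == "__main__":
    for v in check_anti_passback(SAMPLE_EVENTS):
        print("ANTI-PASSBACK VIOLATION:", v)
    print("still inside:", badges_present(SAMPLE_EVENTS))
```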
● Examples
1. An attacker dressed as a delivery worker is let into a secure office by an employee holding the door open.
2. A guest connects to a corporate Wi-Fi network after an employee shares the password without authorization.
● Frequently asked questions
What is Piggybacking?
Unauthorized physical or logical access gained when an authorized person knowingly allows an attacker to follow them past an access control. It belongs to the Attacks & Threats category of cybersecurity.
What does Piggybacking mean?
Unauthorized physical or logical access gained when an authorized person knowingly allows an attacker to follow them past an access control.
How do you defend against Piggybacking?
Defences for Piggybacking typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Piggybacking?
Common alternative names include: Access piggybacking.