Piggybacking
Also known as: Access piggybacking
Definition
Unauthorized physical or logical access gained when an authorized person knowingly allows an attacker to follow them past an access control.
Examples
- An attacker dressed as a delivery worker is let into a secure office by an employee holding the door open.
- A guest connects to a corporate Wi-Fi network after an employee shares the password without authorization.
Related terms
Tailgating
A physical intrusion technique where an attacker slips through an access control by closely following an authorized person without their consent or awareness.
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.
Pretexting
A social-engineering technique in which an attacker invents a believable scenario or identity to manipulate a target into disclosing information or performing an action.
Shoulder Surfing
Observing someone's screen, keyboard, or PIN pad over their shoulder — directly or via cameras — to steal credentials, codes, or sensitive information.
Dumpster Diving
Searching through an organisation's or person's discarded materials — paper, removable media, hardware — to recover sensitive information.
Baiting
A social-engineering attack that lures victims with an enticing physical or digital object designed to trigger malware execution or credential theft.