In a penetration test, what is the term for covertly following an authorized employee who is unaware that anyone is behind them?


Multiple Choice


Explanation:
In this scenario, the focus is on bypassing physical security by exploiting a person’s routine behavior. The specific act of covertly following an authorized employee into a restricted area while the employee doesn’t notice someone behind them is tailgating, also known as piggybacking. It relies on the trust granted by someone with credentials and the human tendency to be polite or to hold the door for others, rather than on a technical flaw. Shoulder surfing would involve watching someone enter a password or PIN, not following them through a doorway. Phishing targets credentials through deceptive electronic messages, not through a physical entry act. Social engineering is the broader practice of manipulating people to bypass security, and tailgating is a concrete technique within that broader category. Tailgating is the precise term for this described behavior, and recognizing it helps address weaknesses in access control and policy enforcement.

