What is dumpster diving?
Dumpster diving is the process of searching through discarded items to retrieve sensitive information. Organizations often discard documents and other media without properly destroying them. As a result, attackers often exploit that for the purpose of phishing, identity theft, or other malicious purposes.
Purpose of Dumpster Diving
Organizations often discard documents, CDs/DVDs, hard drives, or other media when they are no longer needed. These discarded items often contain sensitive information, such as:
- Resumes
- Medical records
- Bank statements
- Account details
- Tech support logs
- Emails
- Handwritten notes that reveal secrets of the company
- Information on employees, etc.
As a result, attackers can easily use dumpster diving to retrieve this sensitive information. And then, they can exploit them for the purpose of phishing, identity theft, or plan for other cyberattacks on the organizations.
For example, a phishing email that contains sensitive information looks much more convincing. Moreover, attackers may also retrieve information such as technologies, tools, software used by the organization that they can later exploit to plan for cyberattacks on the organization.
Preventive Measures
We can take the following preventive measures to prevent attackers from retrieving sensitive information through dumpster diving:
- Shred important documents when they are no longer needed.
- Destroy CDs, DVDs, or other media properly before discarding them.
- If a computer or hard drive is no longer needed, all data should be deleted properly before discarding it.
- Organizations should adhere to a safe disposal policy while discarding items.
I hope this helps. However, readers who want to know more about how various malware and cyberattacks work and how we can prevent them can refer to the book “A Guide To Cyber Security“.
Security Fundamentals Practice Tests
The Security Fundamentals Practice Tests test one’s fundamental knowledge of cyber security. The practice tests are good for those who are preparing for various certification exams like the CCNA, CCNP, or CompTIA. They are also good for students and IT/security professionals who want to improve their understanding of cyber security.
These practice tests are accessible only to Premium Members. Please login below to take these tests or upgrade your membership:
Not a member yet? Please follow the link below to register for The Security Buddy.
You can find more on The Security Buddy membership plan here:
0 Comments