There is a famous saying that most of you have probably heard: “One man’s trash is another man’s treasure”. It means that what one person considers worthless might be of high value to another. The concept of dumpster diving rests on this idiom.
In the world of information security and cyber threats, dumpster diving is the process of searching trash to obtain useful information about a person or business that can later be used for hacking. This attack mostly targets large organizations or businesses, mostly to carry out phishing by sending the victims fake emails that appear to come from a legitimate source. The information obtained by compromising the victim’s confidentiality is used for identity fraud.
What does a hacker look for?
- Email address/address
- Phone numbers to carry out Vishing
- Passwords and social security numbers that we might have written on sticky notes for our convenience
- Bank statements/financial statements
- Medical records
- Important documents
- Account login credentials
- Business secrets
- Marketing secrets
- Information of the employee base
- Information about the software/tools/technologies that are being used at the company
How can you protect yourself?
- Destroy any CDs/DVDs containing personal data.
- In case you no longer need your PC, make sure you have deleted all the data so that it can’t be recovered.
- Use of firewalls can prevent suspicious Internet users from accessing the discarded data.
- Paper documents should be permanently destroyed/shredded.
- Companies should lock waste bins and should have a safe disposal policy.
We can take several effective steps to ensure our safety, but the most important one remains the same: spread awareness among the people you know. Perhaps this is the best thing we can do to keep ourselves safe in this flood of threats. Stay safe.