Dumpster diving attack definition
A dumpster diving attack is a no-tech attack that hackers use to obtain someone’s personal information. It happens when one person goes through someone else’s trash to find discarded bills, notes, invoices, or other documents that contain sensitive information, such as passwords, credit card numbers, or email accounts. The trash in question is not only physical trash: it also includes the documents people delete from their computers, phones, and other devices. Usually, when we’re done with a document or a bill, we delete it from our devices to save storage, or throw it in the trash if it is on paper. However, a deleted file still stays on the hard drive, where hackers can access it. In addition, someone who really wants to access a device will go to the trouble of actually looking through the person’s trash to find useful information. So dumpster diving attacks can involve both real-world dumpster diving and online dumpster diving. Information such as organizational charts, phone lists, and calendars can also be used against us via social engineering techniques.
See also: password protection, social engineering
Dumpster diving attack prevention
- Safely discard used devices by deleting all data from hard drives and clearing TPM data.
- Remove domain trust relationships, expiring trust certificates, and other trust factors before you throw away old equipment.
- Create a data retention policy that states how long documents and data should be kept and how they should be deleted.
- Use shredders when discarding important paper documents.
- Lock your trash or recycle bins and keep them locked until they need to be picked up.