Dumpster diving is a form of social engineering attack in which a potential attacker looks for valuable information in a target’s trash. The aim is to gain unauthorized access to computer systems using information from disposed items such as sticky notes. The best prevention method against a dumpster diving attack is to establish a proper disposal policy. This should include methodical destruction and shredding of papers and printouts before they are recycled or thrown out into the trash bins. Another important measure to prevent dumpster diving attacks is to deliver tailored security awareness training.
Dumpster diving in combination with social engineering helps attackers stage sophisticated cyberattacks. Attackers may look for information in the trash in the following forms:
- Personnel names
- Access codes
- Passwords
- Credit card receipts
- Reports
- Printed emails
- Phone numbers
- Organizational charts
- Network diagrams or architecture
- Calendar or events
- Memos