Dumpster diving is a physical social engineering attack where attackers search through dumpsters, recycling bins, or trash cans for sensitive information. This attack exploits the careless disposal of confidential information.
Example:
David wrote down the access code to the company’s server room on a sticky note and, threw it in the office trash bin at the end of the day. Unbeknownst to him, an opportunistic individual rummaging through the dumpster behind the office stumbled upon the discarded sticky note. With the access code now in their possession, the dumpster diver later gained unauthorized entry into the company’s server room, potentially compromising sensitive data.
Prevention Tips:
- Shred sensitive documents before discarding them.
- Avoid writing down sensitive information.
- Securely store documents containing sensitive information.