Skip main navigation

Defining Dumpster Diving

In this video Lisa Gilbert will explain dumpster diving, explore the main objectives of this type of social engineering attack, and who is at risk.
Hello and welcome to section 1.6 of the attacks course, Dumpster Diving. I’m Lisa Gilbert, and I will be sharing a lot of helpful information so you can understand this type of attack and defend against it. In our discussion of dumpster diving, I will first define dumpster diving and why it’s important to understand and prevent. Next, I will discuss what attackers are trying to accomplish. Then I will explain exactly who is at risk and explore the red flags and warning signs that an attack could take place. We will also explore some of the tactics used by attackers, and I will share real life examples. Lastly, I will describe how you can protect yourself and your organizaton from dumpster diving attacks.
Dumpster diving is a completely low tech physical attack that involves searching through trash for information that could be used in a cyber attack. Remember that one man’s trash is another man’s treasure. Just because you don’t need that credit card statement after you paid your bill doesn’t mean that someone attempting to steal your identity wouldn’t find it very useful. The same is true of your organizaton’s intellectual property or trade secrets. What are attackers searching for in dumpster diving? Keep in mind they are motivated enough to search through your trash, so what they’re looking for must be valuable to them. In the case of a company’s refuse, they may be looking for the full names of employees, business partners, and contractors.
Account login credentials would be considered gold. They may also be looking for marketing information, email addresses of employees, sensitive customer or employee information, company operations information, corporate secrets, medical records, bank statements or other financial information, or technical support logs. The new year is often a treasure trove for dumpster divers because people discard old calendars and journals that may have valuable notes recorded in them. Who is at risk for a dumpster diving attack? Anyone who discards interesting trash would be at risk. What is interesting? All the things listed before. Even private individuals should not discard things like bank or credit card statements, medical bills, et cetera.
On a corporate level, you want to make sure not to improperly discard anything that could put your organizaton at risk.

In this video you will learn more about dumpster diving, to complement your learning from the previous course. We will explore the main objectives of this type of social engineering attack and identify who is at risk.

This article is from the free online

Cyber Security Foundations: Common Malware Attacks and Defense Strategies

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education