Computer criminals look for data that could be relevant to commit cybercrimes even in the digital bin. This criminal practice is known as 'dumpster diving'.
Company employees may discard emails or digital files that they feel are no longer useful. These can include company calendar dates, network diagrams, credit card receipts, budgets, names and passwords, financial analysis, and more. This data, which some people delete, is a real treasure trove for cybercriminals.
Through the data collected from the garbage of companies, fraudsters can obtain phone numbers to carry out phishing attacks and pose as employees to deceive entities. They may also know important dates or other information to make their deception more believable and convince victims.
Dumpster diving can be done through social engineering attacks or by accessing documents on discarded computer or storage media that have not been formatted. If a cybercriminal gains access to them, they may have many cards in their favor to carry out cyber attacks on companies.
Tips to prevent a company from being a victim of dumpster diving
The first step is to teach the workers of a company the existence of said criminal technique and that they learn how they should act.
Format all electronic devices on which company information has been stored before disposing of them. You have to make sure that the data has also been removed from the hard drives.
Have a data retention policy and ensure that the destruction of sensitive data is done safely and that no trace is left behind.