What’s In Your Bins?
What’s in your bins a cyber criminals goldmine
Are you throwing away data?
Identity theft and fraud are ever growing threats these days as criminals rack up millions of pounds and the victims are left massively in debt. So how are these criminals getting this information? well you might be putting it in the bin.
Hackers can use complex and sophisticated tactics involving vulnerability scanning, password cracking and spoofing or they can use social engineering.
A common part social engineering information gathering is a practice known as dumpster diving. This is where the criminal goes through things that you through out.
What are they looking for?
Bills: These will have your name or company as well as your address, who you do business with details on transactions including amounts, dates, and identifiers.
Example: With the information in the bill I can could ring you up claiming that a payment rejected but you got our bank details wrong. I will provide you with my details and I will steal your money.
Bank statements: These will have your name or company on them as well as your account number or sort code, transaction history what companies you deal with including who you’ve paid and who has paid you.
Example: With this information I could contact you pretending to be the bank and ask you details to confirm on the list transactions with details you give me I could then empty your bank account.
Old electronics: Devices such as old laptops and desktops still contain data such as passwords and user names, emails official documents customer data, contact details. It may also connection details that I could use to hack your work network.
Example: With the information I get off an old laptop I could get into your email account and send a phishing email to all your contacts pretending to be you.
Memos: These can contain passwords, phones numbers email address pin codes anything that you might jot down as a reminder. These memos are often easily lost or misplaced and will find their way in the bin.
Example: If I found a note with a password on I could get into your system and steal more information.
To combat this there are several steps you could take.
- Read and follow your company’s disposal policy (if they have one)
- Make sure sensitive documents are cross shredded (normal shredding isn’t good enough).
- Remove anything that can store data such as disk drive from any electronic device you dispose of and safely wipe or destroy them separately.
- Educate others in the house or business on the dangers of what they through away.
- Consider putting locks on your bins especial the paper and card recycling bin (if you have one).