5

Well this question may not be about computers, but it most definitely is about information security, so I'll give it a try...

I've been repeatedly told in my life that I should always carefully check each piece of paper for any piece of personal information it might carry before throwing it away. This includes bank reports, bills, pen&paper notes about other peoples' telephone numbers with their name and surname, and even my old tests from school that contain my name and surname and the oh-so-very-important information that I scored the grade of 4 for being able to simplify three polynomials but failing to simplify the fourth one.

I tried to follow that advice, but the longer I think about it, I'm curious what the exact risks are? Let's break this by case:

  • a bank report should clearly not be seen by any untrusted individuals;
  • a telephone numer or an e-mail address can be sold to spammers, but let's face it, they likely have it anyway
  • I can't imagine how could anyone abuse the information that some no-name scored a 4 in one of their many school tests?

Even more importantly, how would any ill intentioned individual get all of this information? They would either have to search the recycle container or work in the recycling station. I don't know the facts so I cannot judge, but I find it hard to believe that crooks hire bums who walk from street to street searching bins and containers for any piece of personal information they might find? That some ill intentioned peaople might get themselves hired by a recyclicling station for this purpose seems a little bit more probable to me, but then again, don't crooks have a quadrillion of better ways to obtain some personal information they may seek?

What are the risks of throwing a piece of paper with some personal information to a public recycle bin or container without destroying that piece of personal information first and how can this be exploited?

peterh
  • 2,938
  • 6
  • 25
  • 31
gaazkam
  • 5,607
  • 11
  • 24
  • 37
  • I argue this question may be on topic based on this quotation from https://security.stackexchange.com/help/on-topic : "*Topics include, but are not limited to: (...) **physically** securing the (...) information assets*" (emphasis mine) – gaazkam Feb 20 '18 at 19:04
  • 2
    It is on-topic, don't worry. Information security is often a computer-dominated field but what you are asking is still squarely in the realm of infosec. – forest Feb 21 '18 at 06:32

1 Answers1

5

This practice sonuds a bit over the top to me. Sure, I would be careful with leaving my credit card number or email password in the trash. But apart from highly sensitive information like that, I just would not care.

Emails and phone numbers? There are easier and less smelly ways to harvest them. Bank statements? Might be useful for social engineering, and perhaps something there could be used to impersonate you to the bank in an attempt to take over your account. But again, searching through peoples trash at random doesn't really pass a cost benefit test. Your old school material? Now this is just getting silly...

So unless you are a very attractive target, I'd relax. You might want to brush up your polynomials, though.

Anders
  • 64,406
  • 24
  • 178
  • 215
  • 1
    You don't have to be a _very_ attractive target to become the victim of a dumpster diver mounting a social engineering campaign against you or someone who's personal information you have handled. Simply gaining access to phone payment records can allow effective social engineering techniques that can be used to obtain in detail a person's legal residence, full name, etc, yet you wouldn't think that the amount of money you paid for your phone service in a given time period could be in any way sensitive. – forest Feb 21 '18 at 06:31
  • @forest I'd throw my phone bills in the trash without loosing any sleep over it. As I write in the answers, there are information that could be used for social engineering. But given the high cost of the attack - you can hardly automate this - I would not worry about it. For almost everybody there are more low hanging fruit than buying a shredder. – Anders Feb 21 '18 at 06:38