Ann, an employee, is cleaning out her desk and disposes of paperwork containing confidential
customer information in a recycle bin without shredding it first. This is MOST likely to increase the
risk of loss from which of the following attacks?

A.
Shoulder surfing

B.
Dumpster diving

C.
Tailgating

D.
Spoofing

Explanation:
Dumpster diving is looking for treasure in someone else’s trash. (A dumpster is a large trash
container.) In the world of information technology, dumpster diving is a technique used to retrieve
information that could be used to carry out an attack on a computer network. Dumpster diving isn’t
limited to searching through the trash for obvious treasures like access codes or passwords

written down on sticky notes. Seemingly innocent information like a phone list, calendar, or
organizational chart can be used to assist an attacker using social engineering techniques to gain
access to the network. To prevent dumpster divers from learning anything valuable from your
trash, experts recommend that your company establish a disposal policy where all paper, including
print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased,
and all staff is educated about the danger of untracked trash.