Skip to main content


SE'ing Encyclopedia

Updated: 08/09/2022:    If you've ever wanted to know every term and method relative to social engineering, Irrespective of your level of experience, then you've come to the right place. This SEing encyclopedia, has everything you need pertaining to common terms and methods that're used In today's world of exploiting the human firewall. All topics Include a brief description, as well as a few examples of how each term Is used In a sentence- which will be of benefit to those new to the SEing sector. To help refine your search, I've added a table of contents, whereby you can pick and choose exactly what you're looking for. 

Dumpster Diving

Gathering Information By Performing Dumpster Diving.

One very effective method used by social engineers to obtain as much Information as possible about a company, namely "confidential details", Is what's called "Dumpster Diving". The majority of organizations do not shred their documents prior to disposing them In the trash, which makes It an open Invitation to social engineers, by jumping Into the dumpster and grabbing every bit of paperwork thereafter.

As an SE'er and on the grounds you want to get personal details of a company and Its employees, If you've never performed dumpster diving, then provided you have physical access to the premises, "this should be your first port of call". You'd be very surprised at the nature of Information that can be collected. Let's have a look at the typical types of paperwork that employees tend to simply throw In the waste basket, and eventually makes Its way to the dumpster.

What To Expect When Dumpster Diving:

* Sticky Notes.

Also known as a "Post-It Note", sticky notes are commonly used In an office environment. Employees tend to write all types of details such as names, addresses, phone numbers etc. This usually happens when they're In a hurry whilst having a conversation over the phone with (for example) a client, or personal business contact. After the call has ended, the employee enters the Information Into their PC, and throws the sticky notes In the waste basket.

* Tax Invoices.

Company tax Invoices, can contain an array of valuable details that the social engineer can use to his advantage, such as the buyer's name and address, telephone number, email address, ABN- Australian Business Number (see what's equivalent In your country), and the list goes on. All this can be used by the SE'er, to take the role of a company representative. "He'll then SE the buyer by first verifying their details and then (using the excuse of restructuring their account's section), ask the buyer to redirect payment Into the social engineers account!". It's that simple.

Admin workers tend to throw out tax Invoices, without shredding or tearing the document beforehand. This typically happens when they've made an error on the Invoice, and then need to generate a new one. Not good news for the company, but excellent for the social engineer.

* Personal Employee Details.

This Is a commonality with every company on every scale. Although we operate In a digital world, companies do keep hard copies of personal employee details stored/filed to some degree. As a worker, you may not notice this, but It does happen. The records kept can Include employee contracts, superannuation documents, salary payslips etc.

Depending where the company Is located, by law, they are required to keep such records for ex-amount of years, prior to disposing them. And when they do, once again, they'll simply dump the lot Into the dumpster as Is. I don't need to elaborate on what you can do, once you've grabbed the Information

* Resumes/CVs.

I'd say this Is the most valuable source of Information, that the social engineer can get his hands on. Basically, "a resume/CV Is the Identity of the person In question". It Includes (but not limited to) family & given name, date of birth, address, phone number, email address, their likes/dislikes, hobbies, previous employment history, next of kin and so on and so forth.

Although the majority of resumes are sent via email when applying for employment, some applicants are old-fashioned and prefer using the good old "fax machine". As a result, It's obviously "kept on paper" and when the office department finishes assessing It, they'll scrunch It up and throw It out In the one piece. With this type of Information at your disposal, you can build an Identity from the ground up within the hour.

How To Perform Dumpster Diving:

As simple as It may seem, dumpster diving doesn't only Involve jumping Into the dumpster and grabbing everything you can get your hands on. In order to maximize Its effectiveness, there are a number of factors to consider prior to getting your hands dirty. I will detail each one very briefly In point form as follows.

* The Dumpster Must Be Full.

It serves no purpose jumping Into an empty dumpster, or If It's only 10% full. The objective Is to get as much paperwork as possible, thus you need to "Identify precisely what days It gets picked up and attend the night before". Circumstances Inevitably change, so prior to making your move, first check whether It Is In fact full and If so, you're good to go.

* The Tools That You'll Need.

Obviously you're going to dumpster dive during the night, so be sure to take a "small flashlight/ torch", a few plastic carry bags, a backpack and a pair of scissors. Given you'll be grabbing a lot of papers, cutting open bags & cardboard boxes and then placing them Into your backpack, these tools are certainly necessary.

* Wear Plain Dark Clothing.

This Is pretty much stating the obvious, but nonetheless, definitely worth mentioning. Your clothing must be dark, and "without any branding" that can potentially lead to personally Identify you If you've been spotted. Don't overdo It, such as wearing a balaclava. This Is a dead giveaway that you're doing something out of the ordinary.

* Do Not Drive To The Premises.

Believe It or not, "your vehicle Is your Identity". All It takes Is for someone to take note of the license plate, report It to the police and they'll be knocking on your door before you have the chance to arrive home. Catch public transport (train or bus), and be sure to exit a few hundred meters away. This leaves no trace of how you arrived at the premises.

* Make Sure The Coast Is Clear.

Again, this Is pointing out the obvious, but easily overlooked when you're In a rush. The moment you've arrived and walking toward the premises, look around to see If anyone Is watching your movements. If you happen to cross paths with someone, to avoid raising suspicion, greet them with a smile and keep travelling as per normal.

* You're In The Dumpster.

When you've jumped Into the dumpster, you need to be as quick as possible, yet very methodical with what to look for. "Place the small flashlight/torch In your mouth" (this Is why I said It must be "small!"), therefore you'll have both hands free to get the job done fast. If a bag feels heavy and somewhat damp, leave It be- It's most likely from the company's kitchen area, hence won't contain anything useful. If the bag feels very light with a rustling sound, then It'll contain papers- this Is what you're after, so grab as many bags as you can.

* Checkout Everything At Home.

You will not have any time whatsoever, to start sifting through paperwork whilst Inside the dumpster, so be sure to take everything home with you. As such, you'll have all the time In the world  to piece together all the bits and pieces that you've collected.

In Conclusion:

If you've read every section thoroughly, you now have all the tools and know-how to perform dumpster diving In a very effective and efficient manner. By exercising caution, common sense and good judgement throughout your experience, I have no doubt that you'll achieve your objective with minimal disruption.