Order Receipt: Gateway to Phishing

Vaibhav Kumar Srivastava
2 min read · May 12, 2021

When it comes to data security, every minor detail matters. In daily life we may follow guidelines to protect our private digital information on various online platforms, but that awareness fades when it comes to the security of non-digital information. In my earlier story, I explained how photocopiers sell our sensitive information without our knowledge, and we still ignore it.

Figure 1: Sample payment receipt

You can observe a very similar issue with the online orders you receive daily. Almost every e-commerce website, such as Flipkart, Amazon, Myntra, etc., delivers our favorite stuff to our doors without any hassle. Every order comes with a payment receipt that lists some of your general information, such as:

1- Address

2- Contact information

3- Content of the order

4- Order ID

5- Payment method

6- Delivery partner

7- Date and Time

8- E-mail ID

This information is necessary to uniquely identify you and your location. But have you ever thought about what will happen if this combined information falls into the wrong hands? Without knowing the consequences, we simply throw this information in the garbage without tearing or shredding it properly.

Figure 2: Dumpster diving

You may have heard of “dumpster diving”: a technique for retrieving information by searching through the trash for obvious treasures, such as access codes or passwords written down on sticky notes, that could be used to carry out an attack or gain access to sensitive information.

If you carelessly throw away your payment receipt along with your information, you may be opening the door to multiple security attacks. For example, a scammer with this information can pull off a planned scam by telling you a hoax story, something like “the order sent to you is the defective one, we would like to replace it with a new one and our delivery partner will come and take the order back”. To convince you, they will use information like the order ID and shipping details, which you won’t be able to deny. This is just a sample scenario; multiple phishing attacks are possible with only the combination of your phone number, e-mail ID, and address details.

You must understand that your non-digital information is as important as your digital information. Don’t forget to shred your documents properly before throwing them in the garbage, because your garbage can be a treasure to someone else.

Stay Curious Stay Protected!!
