One highly effective way to obtain confidential information consists of operating through social engineering (a form of fraud, or manipulation, playing on people’s good faith). This can be done over the phone, via email, or in person. Using a variety of psychological techniques, the criminal wins the trust of his target to extract the desired information from him. This type of attack can be carried out against one or more people within an organisation. In some cases, the criminal will combine numerous pieces of information to gain a full, detailed response about the information that is supposed to be confidential.
A business trip or a meeting with a partner can in themselves be confidential, as they can give hints as to the future strategy of an organisation. This enables otherwise harmless information to be pieced together to reveal highly confidential information. This is why it is always important to verify the legitimacy of a request made to you, and to gauge your response as a consequence.
If someone asks you why a colleague or your boss are not in the office, instead of responding, for example, by saying they are on a business trip to Shenzhen in China to negotiate the details of a business deal, you should preferably simply answer that they are on a trip, and give no further details.