Web scraping has been around for decades. It’s evolved into a massive part of data-driven marketing used to predict customers’ needs, desires, and future behaviors. Simply put, it is a process of collecting data from websites and channeling it into other websites or spreadsheets.
If you’ve ever searched the internet for a product and then seen ads for that product on other websites or a social media page, you’ve experienced web scraping.
Automated systems have made it possible to extract data automatically from websites. This means that every piece of data entered into a public profile can be collected – and it is perfectly legal.
Hackers are Web Scraping
As mentioned, web scraping is perfectly legal. The ethics of it, however, can be questionable. If done in a good way, it can help us make the best use of the internet. The Google search engine is an excellent example of this – their web scraping algorithms provide our search results.
Unfortunately, hackers have no such ethics.
Cybercriminals have begun using freely available marketing tools to scrape websites for data. A recent example is data from 500 million LinkedIn users put up for sale on the dark web. It includes:
Links to Other Social Media Accounts
A cybercriminal can use this information to attack companies through employee information, build targeted spear-phishing campaigns, and select targets for identity theft. With the popularity of remote work and the increased use of personal devices for conducting work, hackers can use this data to circumnavigate enterprise network security.
And that’s not the worst of it.
It’s fair to say that every time we sign up for a new account, the form asks for biographical data such as name, address, phone number, etc. Typically stored in a public profile, this information is accessible for data scraping. Add to this how common it is for people to overshare personal information on social media, and it’s like sending an invitation to cybercriminals.
If web scraping tells us anything, it’s that our information is out there and available. That in itself is one of the reasons phishing attacks are so effective. In addition to relying on mass emailing to catch a few, cybercriminals can customize these to large groups with similar profile information to add a greater degree of legitimacy. An email directed at groups of people in one city or state, for example, could refer to known landmarks or common services. The more familiar the email seems, the more likely it is for people to fall for the scam.
Keeping that in mind, personal information shared on social media provides cybercriminals with even more data to customize the attacks. When someone shares an address, phone number, the names of family members, or virtually any other information on social media, it’s available to be scraped. Databases can quickly marry up all this data to provide cybercriminals with a complete profile.
They use this information to repeatedly make personalized spear-phishing attacks to steal credentials, financial information, and identity theft.
If you’ve been a victim of financial or identity theft, you know that the attacks never stop. When cybercriminals are successful with a target, it encourages them to keep building on that profile. Collecting data provides new and more effective opportunities.
The best thing you can do is avoid becoming a target. That means:
Never use passwords that have anything to do with what you do online
Provide the minimum information required when filling out forms
Adjust privacy settings to share as little publicly as possible
Never include your address or phone number in a social media post
Use only broad terms when discussing work in social media posts
Don’t discuss medicines or diagnosis in social media posts
Avoid tagging picture locations
These are only the most common things that hackers look for when searching for targets. One of the best ways to ensure that you are not falling into these traps is to take a step back and read through your recent posts as a stranger might. How much do you reveal about yourself, your job, your family, and your friends?
Don’t be afraid to delete posts, remove personal data, close internet accounts you don’t need anymore. Cybercriminals are going after the easy targets, and you don’t have to be one of them.
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small business, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com