Web Scraping is making
you a target
Chuck's Cyber Wall
Web Scraping, also known as Data Scraping, has been around for decades. It began as a way to test advertising strategies and evolved into a massive part of data-driven marketing used to predict customers’ needs, desires, and future behaviors. Simply put, it is a process of collecting data from websites and channeling it into other websites or spreadsheets. If you’ve ever searched the internet for a product and then seen ads for that product on other websites or a social media page, you’ve experienced web scraping.
Automated systems have made it possible to extract data automatically from websites. This means that every piece of data entered into a public profile can be collected – and it is perfectly legal.
HACKERS ARE WEB SCRAPING
As mentioned, web scraping is perfectly legal. The ethics of it, however, can be questionable. If done in a good way, it can help us make the best use of the internet. The Google search engine is an excellent example of this – their web scraping algorithms provide our search results.
Unfortunately, hackers have no such ethics.
Cybercriminals have begun using freely available marketing tools to scrape websites for data. A good example came from 2021 when a data set of 500 million LinkedIn users was put up for sale on the dark web, which included:
- Account IDs
- Full Names
- Email Addresses
- Phone Numbers
- Workplace Information
- Links to Other Social Media Accounts
A cybercriminal can use this information to attack companies through employee information, build targeted spear-phishing campaigns, and select targets for identity theft. With the popularity of remote work and the increased use of personal devices for conducting work, hackers can use this data to circumnavigate enterprise network security.
And that’s not the worst of it.
TARGETING VIA WEB SCRAPING
It’s fair to say that every time we sign up for a new account, the form asks for biographical data such as name, address, phone number, etc. Typically stored in a public profile, this information is vulnerable to data scraping. Add to this how common it is for people to overshare personal information on social media, and it’s like sending an invitation to cybercriminals.
If web scraping tells us anything, it’s that our information is out there and available. That in itself is one of the reasons phishing attacks are so effective. In addition to relying on mass emailing to catch a few, cybercriminals can customize these to large groups with similar profile information to add a greater degree of legitimacy. For example, an email directed at groups of people in one city or state could refer to known landmarks or common services. The more familiar the email seems, the more likely people will fall for the scam.
Keeping that in mind, personal information shared on social media provides cybercriminals with even more data to customize the attacks. When someone shares an address, phone number, the names of family members, or virtually any other information on social media, it’s available to be scraped. Databases can quickly marry up all this data to provide cybercriminals with a complete profile.
They use this information to repeatedly make personalized spear-phishing attacks to steal credentials, financial information, and identity theft.
If you’ve been a financial or identity theft victim, you know that the attacks never stop. When cybercriminals are successful with a target, it encourages them to keep building on that profile. Collecting data provides new and more effective opportunities.
The best thing you can do is avoid becoming a target. That means:
- Never use passwords that have anything to do with what you do online
- Provide the minimum information required when filling out forms
- Adjust privacy settings to share as little publicly as possible
- Never include your address or phone number in a social media post
- Use only broad terms when discussing work in social media posts
- Don’t discuss medicines or diagnoses in social media posts
- Avoid tagging picture locations
These are only the most common things hackers look for when searching for targets. One of the best ways to ensure that you are not falling into these traps is to take a step back and read through your recent posts as a stranger might. How much do you reveal about yourself, your job, your family and your friends?
Don’t be afraid to delete posts, remove personal data, or close internet accounts you don’t need anymore. Cybercriminals are going after the easy targets, and you don’t have to be one of them.
At Clark Computer Services, we have the cybersecurity expertise you need, whether its help with compliance, securing your network, getting antivirus and other security software onto your computers, and more. Contact us at 301-456-6931 or [email protected] to see how we can help you and your business get Cyber Secure!
Director of Cybersecurity and Marketing
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small businesses, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com