What is data scraping?
Data scraping is the process of extracting data from a website using automated tools and importing the information to another program/computer. This technique is used to collect vast amount of publicly available information and reuse it elsewhere.
Journalists and researchers routinely use this method to collect data to assist in investigations and studies. Marketing companies also use it to assess consumers’ perspectives and behaviors. However, spammers can use this method to catalog data and create enormous datasets to sell to cybercriminals who use it for malicious activities.
Over the years, many social media platforms have faced data scraping. Cybercriminals can potentially use this information for:
- Sending spam: unwanted, unsolicited digital communications sent out in bulk via email, text messages, phone calls, or social media
- Malicious social engineering in the form of highly targeted phishing. The message looks authentic since factual details were extracted from the scraping. Some common types of phishing attacks are Spear Phishing, Whaling, Business Email Compromise, Smishing and Vishing
- Employment scams
- Identity Theft
- Create “synthetic identities” for fraudulent credit and financial applications
- Location data
- Brute forcing passwords
- SIM (Subscriber Identity Module) Swaps
If you have a personal LinkedIn account, your public-facing data has likely been scraped. Although data scraping is prohibited by LinkedIn, the company issued a statement in June this year confirming that its data had been scraped. They assert a breach did not occur and no private data was exposed, but members were put at risk. The BBC reported that the hacker announced the sale of a database of 700 million LinkedIn members which the hacker compiled “for fun,” and is selling to “multiple happy customers” for approximately $5,000.
Incidentally, in 2019 LinkedIn lost a data scraping court case against HiQ Labs Inc., a data analytics company, for using the scraped data to analyze employee skills or alert employers about employees possibly seeking new jobs. LinkedIn contended that data scraping threatens the privacy of its members. In July 2021, the US Supreme Court vacated the finding and remanded the case to a lower court for appeal.
Security Best Practices
So, what can you do to avoid being a victim of data scarping? Here are some tips:
- When creating a profile on social media, provide minimum information about your personal and professional life.
- Always use a different password for each account.
- Use a password manager.
- Confirm privacy settings on your personal devices and online services. Visit the “Manage Your Privacy Settings” page by the National Cyber Security Alliance to review privacy settings of popular devices and online services.
- Prevent mobile devices from accessing GPS information.
- Be suspicious of all unsolicited emails and text messages at home and work.
- Focus on the source of all emails.
- Never click on links on your personal or work emails or text messages. Instead open a browser and type the website address.