Just like a data breach in which a hacker breaks into secure computer systems, data scraping can expose your important data, leaving you open to password breaches and phishing attacks.
By Burton Kelso, Technology Expert
Are you one of the millions of people who are worried about the data breaches that have occurred with Facebook, LinkedIn, Clubhouse, and Q Link Wireless? If so, you’re in good company: in April 2021, Facebook experienced a data breach affecting 533 million users, and 1.3 million Clubhouse users had their data stolen. Even if you escaped these attacks unscathed, cybercriminals have resorted to “data scraping” to obtain your personal information off social media to either sell the highest bidder or to use it to target you with personal cyber-attacks to get your money.
What Is Data Scraping?
The term data scraping refers to a bot or a computer program that extracts data from websites or other platforms. Data scraping, also known as data harvesting, has been around since the beginning of the World Wide Web. The information normally collected includes data such as names, email addresses, phone numbers, and more. This technology is normally used by marketing companies that want to conduct advertising research or to find sales leads. But like many technology tools, programs that were created to benefit people can also be used to take advantage of them, as we’ve seen with several social media websites suffering a data breach due to data scraping.
Why is it a Problem?
Just like a data breach in which a hacker breaks into secure computer systems, data scraping can expose your important data, leaving you open to the following attacks:
- Password Breaches. Under most circumstances, passwords aren’t leaked during data scraping, but the data that is leaked can help a criminal figure out your password. If you’re like most people, you probably use passwords that are based on your personal interests and your personal lives. All of this information is available on your social media accounts in the form of your biography or the information you share in posts on social media. Once this information is gathered, it’s pretty easy for a hacker to figure out your passwords.
Phishing Attacks. “Phishing” is a type of social engineering in which an attacker sends a message – which appears to be from a trusted entity – designed to trick you into revealing sensitive information or to deploy malicious software (like ransomware) on your computer and network. If a criminal gets hold of the information leaked in a web scraping scheme, it makes it much easier to create phishing attacks that are designed to target you. Hackers can find out which phishing attacks you’re more susceptible to falling for. Phishing comes in a variety of forms such as email, text, and voice, which means if criminals have access to multiple forms of contact, they can continually bombard you with phishing attacks.
Phishing Attacks. “Phishing” is a type of social engineering in which an attacker sends a message – which appears to be from a trusted entity – designed to trick you into revealing sensitive information or to deploy malicious software (like ransomware) on your computer and network. If a criminal gets hold of the information leaked in a web scraping scheme, it makes it much easier to create phishing attacks that are designed to target you. Hackers can find out which phishing attacks you’re more susceptible to falling for. Phishing comes in a variety of forms such as email, text, and voice, which means if criminals have access to multiple forms of contact, they can continually bombard you with phishing attacks.5 Tips to Prevent Data Scraping
How can you protect yourself from this emerging new threat? Ultimately, it’s up to big data companies to enable practices to keep your information from falling into the hands of criminals, but in the meantime, there are some things you can do to protect yourself from data scraping.
- Become a Cyber Liar.
Yes, you want people to know who you are, but you need to keep your information safe. Don’t be so forthcoming about what you share online. If you can, change your social media profile names and create an online alias to keep your personal information off websites. This also includes using a fake address, fake phone number, fake date of birth, and being dishonest when answering security questions about your first pet’s name, the street where you grew up, etc. - Change Those Passwords and Start Using Passphrases.
Again, it’s rare that a password would be leaked with data scraping, but if you’re like most people, you’re still using passwords. Make the switch to Passphrases – sentence-like strings of words used for logins that are longer than a standard password. They are easy for you to remember and difficult to crack. An example of a passphrase would be “YellowmicrophoneStand!” or “stinkyVioletchicken35?” - Set up Two-Factor Authentication on All Online Accounts.
There’s always a good chance a criminal can get access to your online accounts, which is why you need to enable two-factor authentication to keep your accounts secure. When it’s enabled, you get an email or text alert that someone is trying to get access to your accounts. If it’s you or someone you trust, you can allow access. If it’s a crook, you can deny them access. - Use a Password Manager to “Remember” Your Passwords.
If you’re like most of us, you have a ton of online accounts, and keeping on top of all of those passwords is a challenge. Stop struggling and start using a password manager such as LastPass, Dashlane, Keeper Password Manager & Digital Vault, Bitwarden, or 1Password. A bonus with password managers is they are always scanning the web to see if any of your passwords have leaked on the dark web. Using your web browser – e.g., Google Chrome, Mozilla Firefox, Apple Safari, or Microsoft Edge – to keep track of all your account passwords is better than nothing, but unfortunately, it’s not that difficult to steal passwords from browsers. Anyone with access to your computer can find your passwords quickly and easily via “Preferences” or “Settings”; a few clicks, and all your passwords are visible. - Keep Ahead of Data Breaches by Making Sure You Haven’t Been “Pwned1.”
Many of the companies you deal with aren’t forthcoming if they experience a data leak. Websites like www.haveibeenpwned.com allow you to stay ahead of the game and track breaches that involve your information.
If you’re like most of us, you have a ton of online accounts, and keeping on top of Data breaches can change the course of your life. Businesses and individuals alike can experience huge complications and financial losses from having sensitive information exposed and gathered by criminals. In this digital age, make sure you’re taking steps to stay safe and keep up-to-date about how to protect yourself from data breaches.
1 According to Wikipedia, “Owned and pwned (generally pronounced ‘poned’) both refer to the domination of a player in a video game or argument (rather than just a win), or the successful hacking of a website or computer. It is a slang term derived from the verb own, meaning to appropriate or to conquer to gain ownership.”
Burton Kelso is the Chief Technology Expert and Founder of Integral, a technology company offering service, consulting, and problem-solving for clients. He has worked with hundreds of customers across many different industries, and he takes pride in finding solutions tailored to each one’s individual needs. www.callintegralnow.com
Related Articles
The Perils of Password Security for Family Lawyers
Password security protocols are crucial to protect your data – but some popular security measures can be risky business for family law firms.
Does Your Family Law Firm Have a Cybersecurity Strategy?
Most small family law firms don’t have in-house IT staff to oversee cybersecurity, so how can lawyers protect themselves & their clients from cyber-attacks?
How to Avoid Security Breaches To Protect Clients’ Data
Technology advancements have created wonderful benefits for our profession, but a huge downside to this is the continuing challenge of preventing security breaches, identity theft, data mining, and the sale of data as a commodity.
6 Tips for Running Your Law Firm Remotely – and Keeping Hackers Out
Running your firm remotely can help you be more productive – but can you keep your clients’ data safe and your devices out of harm’s way? Learn how here!
