Protecting your business from email scraping: are your website contact details putting your business at risk?
It’s standard practice for businesses to publish generic contact email addresses online. Your website is your first point of contact and your digital shop window, and a good customer experience means offering your prospective customers easy ways to get in touch. Any established business will agree that they may even lose track of their digital footprint over the years, with their generic contact email addresses appearing in various forums, partner websites, and articles. This sprawl has benefits (it can direct customers your way) and drawbacks, and a definite disadvantage is the risk associated with email scraping.
What is email scraping?
Email scraping, also known as email harvesting, is a form of hacking where the hacker acquires large quantities of information from public websites using automated software. As opposed to phishing or social engineering techniques that trick people into giving up personal information, harvesting emails does not require any human interaction. In the past, hackers would harvest emails by manually clicking through website pages and following links for pages containing publicly available email addresses. Today, bots, software or scripts collect email addresses from websites, message boards, or other online forums. These emails are then sold for profit or used for spamming. Most businesses often have no knowledge they have been ‘scraped’ until they receive an unsolicited sales approach or fall victim to a malicious phishing attack.
How does this affect businesses?
While not all web scraping is inherently harmful, businesses need to be aware of the risks to keep their information secure. Some bots scrape websites to aggregate data and conduct legitimate market insight and sentiment surveys. There are also valid commercial examples, such as travel sites and various comparison sites.
Sales prospecting activities:
Your emails could also be sold for profit or used for spamming. Many SaaS companies offer email scraping/ database building technologies to support digital sales campaigns. And whilst annoying (and not consistently in line with international data compliance laws), it’s essentially a sales approach and doesn’t pose a risk to your data security.
Malicious attacks and phishing:
But it does get murkier. Unfortunately, cyber-criminals use email addresses to elicit personal information from people, using templates imitating official brands and urging the recipient to ‘take urgent action’ or ‘click a link’.
A significant issue is the growing sophistication of these attacks and the approaches hackers are using. Hackers will target a specific individual in a company and move laterally, building trust within a network. Many hackers will create a fake LinkedIn account for their persona to carry out the attacks, giving the impression of legitimacy.
This interaction could lead to an employee accidentally sending sensitive documents over email, allowing criminals to use stolen personal data, open bank accounts, obtain loans, and commit fraud or identity theft. Employers need to train their employees on how to recognise common scams like phishing emails. Employees should never share any personally identifiable information in response to requests they receive in their inboxes.
Some revealing statistics and the financial impact:
The UK Government’s annual Cyber Security Breaches Survey for 2021 highlights that among those that have identified breaches or attacks, around a quarter experienced them once a week. The most common cyber security breaches are phishing attacks (for 83% and 79%, respectively), followed by impersonation (27% and 23%).
These attacks cost UK businesses an average of £8,460 over the past 12 months. For medium and large firms combined, this average cost is higher, at £13,400. And it’s worth noting those are the businesses that are actively identifying and mitigating the threat; for those companies with no proactive measures, the outcomes can be far more severe, resulting in the closure of their business.
How to protect and secure your business:
It’s vital to secure your business against the threats associated with email scraping. We recommend two layers of security: one focused on combatting threats, including spam and malware, and the other focused on driving compliant, secure behaviours and practices within your team so your entire business is better protected.
Advanced Threat Protection for Emails:
It may surprise you that the standard security provided by email and domain providers doesn’t offer the level of protection most businesses require to ward off threats effectively. Our advanced threat protection is specifically designed for this purpose, mitigating spam and malware, along with advanced threats such as spear phishing and ransomware.
Advanced threat protection can prevent malicious emails from ever hitting your inbox. Malicious link checking is a crucial protective measure; it opens suspect links within a zero risk, controlled environment, determining their legitimacy before blocking or moving them into your inbox. Equally, spam protection helps to identify multiple types of email threats, including phishing emails and those with suspect links. A high-performing spam filter effectively removes the burden of weeding out suspicious emails and spam from the user and allows them to focus on the emails relevant to their day job.
Cyber security training:?
Driving compliant behaviours, awareness, and a culture of good practice around cyber security is a seriously effective way to reduce the risk of a breach. Human error causes more than 90% of network security breaches. Hackers don’t break-in, they log in, and it’s your people who could inadvertently hand over the details.
We can work with your team to cover IT best practices, phishing and other social engineering techniques – we also have content on data privacy and compliance regulations for organisations if you need it. The result is a well-trained team that is more aware and therefore likely to respond to malicious content with vigilance in the future.
Do you have the protection you need?
Does your business have an up-to-date IT security strategy? Would your business survive a cyber security attack? If you’re not sure, you’re not alone. Many companies find it a hassle to select and implement the services they need to stay safe.
At BCS, we’re experts in this area, and we’d be happy to guide you through Cyber Security options that would protect your business. To find out more about Email Security, Cyber Security, or discuss your broader IT strategy, don’t hesitate to get in touch today.
If you’d like to discuss any of the topics covered in this article, don’t hesitate to reach out. Or, if you’d like to book a Security Audit or would like to to find out how we can help you set up Advanced Threat Protection in your business get in touch today.