How Does Scraping Work?
Screen scraping, or just “scraping,” is a familiar, often useful process for collecting information from the web. However, in recent years, the technique has become a favored tool of hackers and fraudsters. Countermeasures can effectively mitigate the threat, but to implement them, it’s essential to understand how the process works.
What is Screen Scraping?
Screen scraping is a technique for grabbing data from a system that involves an automated toolset impersonating a software client or a web browser. It’s not new. In fact, for software engineers who may need data from an old mainframe, screen scraping can be the only way to extract information. The original connectors may be gone and impossible to replace.
Today, though, screen scraping invariably means a programmatic approach to pulling data from a website. The screen scraping software acts like a human user, clicking on buttons and reading the resulting output. There are many legitimate uses for screen scraping. Web crawlers that power search engines are one example. So are tools like Skyscanner that look for travel deals by combing through thousands of travel websites. Fintech firms use it, too, scraping user’s financial data from bank sites if there are no Application Programming Interfaces (APIs) available to make the data connection. The things to keep in mind about screen scraping are its speed and scalability. The process can harvest immense amounts of data from websites, assuming the sites are not configured to stop it from happening. At the speed of compute, a screen scraper can amass large datasets by interacting with websites and the underlying software and databases that power them.
Why is screen scraping a security threat?
The ability to extract a lot of data, quickly, from websites makes screen scraping a powerful tool in the hands of malicious actors. A screen scraping bot can gather user data from social media sites. Then, by scraping sites that contain addresses and other personal information and correlating the results, a hacker could engage in identity crimes like submitting fraudulent credit card applications.
A screen scraping hacker could also gather data from sites like Amazon and eBay to create fake or deceptive product listings. He or she could then offer them for sale on peer-to-peer services like OfferUp and conduct phishing attacks on the buyers. Or, the fraudster could sell products that don’t exist.A further screen scraping fraud involves faking out ad publishers. By scraping the content from publisher sites, the fraudster can create fake ad publisher pages on different services. They can then sell ads on those pages to authorized resellers, whose contacts they harvested from the publisher’s ads.txt file. The ad slots appear real to the advertiser, but they are not.
Prevent Screen Scraping with BotStop by hCaptcha
BotStop uses advanced machine learning to identify malicious traffic to your site and apps - including scraping activities. Contact us today to learn more.