Regularly I find someone saying “I’ve been hacked” and when I get more details it turns out they’ve been scraped. What’s the difference?
Hacked or Scraped?
Today on Facebook a friend posted “I’ve been hacked. Don’t accept friend requests from me”. In this case, a hacker has scraped her photo and personal details to create a fake profile. The hacker then uses the fake profile to collect friends to whom they can send malicious links or requests for cash.
How does this relate to small business? Hackers scrape business web sites for details about the company’s owners and employees. Then they use that information to send malicious links or requests for cash. Usually they create an email account that looks like it’s coming from the owner or an executive and then send emails requesting cash transfers.
This happened to a client a few years ago. The hacker created a gmail account that looked like it was from the owner (including the company logo in the signature) and sent an email requesting a money transfer from one of the employees. The employee was convinced they’d been hacked until I pointed out the email address didn’t match and every detail in the email could have been scraped from their web site.
Sometimes it’s hard to tell the origin of an email. Anytime I get an odd email I make sure I look it in Outlook which shows me more information about the sender and lets me see the code behind it particularly links.
How do you protect your business?
Don’t click links in email unless you’ve checked it thoroughly for the sender, the email address and where the link goes (dragging it to the Junk folder will take out the formatting so you can see the true link). Make sure you have strong policies and procedures about money. When in doubt, phone the person who sent the email.
And if your Facebook friends report getting another friend request from you, ask them to report to the request to Facebook.
Hacked or Scraped? Know the difference.