Email harvesting is the collection of email addresses from multiple sources without the owner’s consent or knowledge. Cybercriminals carry out this harvesting using automated tools that scan websites and databases for email addresses.
Once collected, the email addresses will receive a lot of unwanted emails, and even phishing scam emails. While cybercriminals can use tools to acquire email addresses, websites also give them away inadvertently.
Common uses of email harvesting
- Spam campaigns: With a large collection of email addresses, attackers can send spam emails to a much larger group of recipients. These spam messages can carry malicious content or simply intrusive ads, but overall the collection is for sale or for the spread of malware.
- Phishing attacks: A collection of email addresses gives attackers a large store of addresses that can be used to launch phishing attacks. They can impersonate legitimate senders and trick recipients into revealing sensitive data about themselves.
- Selling email lists: There is a teeming market for email addresses on the dark web and these attackers can always sell whatever they’ve gathered for a profit.
- Competitive espionage: Business owners could also engage in email harvesting to get enough email addresses for an ad campaign, to fake a list of active subscribers, or for any other purpose.
- Research and data analysis: Email harvesting can of course be used for positive reasons as well. It can be used to study online trends and user and market behaviour. This is fine as long as the owners of the email addresses are made aware.