What is screen scraping?

Times are changing and new techniques for spying on our PCs are emerging, among them screen scraping. This technique has become notorious among cybercriminals, who want to sneak into the bank accounts of unsuspecting users. Let’s see what it is and how we can protect ourselves from these pirates.

Computer security is also advancing, as new methods of carrying out cyber attacks are emerging all the time. Among the most vulnerable victims are regular users who use their computer and smartphone as is. Their limited knowledge makes them fresh meat for these cybercriminals.

What is the screen scraping method?

Screen scraping is a technique in which information displayed on a digital screen is copied so that it can be used for other purposes. It is not only used for illegal purposes: some technical services (which require permission and pre-approval) use screen scraping to fix a computer problem.

The data that can be collected is everything displayed on the screen: texts, images, applications or web pages, among others. The most common ways to extract this information are with a screen scraping program that collects everything, or manually.

Interestingly, it is used a lot in the banking world to collect data, and that can end badly. The temptation to collect this data for their own illegal purposes could result in cybercriminals taking control of your bank accounts.

That’s why, on many websites, asterisks appear when we type the characters of our password: to prevent the password from being captured visually. A different case is the keylogger, which records what you type without needing to see anything; this is even more dangerous!

Bank-related apps like Fintonic or Mint should be avoided, because we allow them to hack into our accounts via screen scraping. How else would they tell you how much money you spent this month and how you should save?

How is screen scraping done?

It can be done in several ways, and it all depends on what the process is used for. Using Java, one can take the source code of an application and paste it into one's own, if one has access. Screen scrapers are found in applications like Selenium or PhantomJS, which allow grabbing information from the HTML in a browser.

In the banking world, the third party (cybersecurity or software company) will ask the user to give consent for the remote login, thereby gaining access to the data (financial transactions, bank details, etc.).

How to prevent screen scraping?

You already know that “the thief will come in if he wants to steal”, but if we put too many obstacles in front of him, he may give up and go after other prey. There are several ways to keep this technique from being used for fraudulent purposes.

First, you must detect screen scraping, which is not easy, but every thief leaves a trace. In our case, the traces can include unusual behavior, signatures we don’t remember making, page requests, etc.

Screen scrapers can’t see a password until it’s used, so it’s a good idea to change your password frequently. The most demanding option would be to use a different password for each login, but we understand this is a nuisance for the average user.

Use a firewall in web browsers to detect unusual signatures or behavior. Use antivirus or antispyware software to detect possible intrusions.
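
One way a site operator could look for the traces described above (unusual behavior, page requests, and the signatures of tools such as PhantomJS) in a web access log, as an added example that is not part of the original article. The user-agent signatures, the per-minute threshold, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Signatures and threshold are assumptions chosen for this example.
AUTOMATION_UA = re.compile(r"PhantomJS|HeadlessChrome", re.IGNORECASE)
MAX_REQUESTS_PER_MINUTE = 5

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_suspects(log_text):
    """Return {ip: sorted list of reasons} for clients that look automated."""
    reasons = defaultdict(set)
    per_minute = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines instead of crashing
        ip, ts, ua = m["ip"], m["ts"], m["ua"]
        if AUTOMATION_UA.search(ua):
            reasons[ip].add("automation-user-agent")
        if not ua or ua == "-":
            reasons[ip].add("missing-user-agent")
        per_minute[(ip, ts[:17])] += 1  # dd/Mon/yyyy:HH:MM bucket
    for (ip, _minute), count in per_minute.items():
        if count > MAX_REQUESTS_PER_MINUTE:
            reasons[ip].add("request-burst")
    return {ip: sorted(r) for ip, r in reasons.items()}

FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
PHANTOM = ("Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 "
           "(KHTML, like Gecko) PhantomJS/2.1.1 Safari/538.1")

def _line(ip, second, path, ua):
    return (f'{ip} - - [12/Mar/2024:10:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "{ua}"')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", 1, "/accounts", PHANTOM)]
    + [_line("198.51.100.9", s, f"/accounts/statement?page={s}", FIREFOX) for s in range(10, 17)]
    + [_line("192.0.2.44", s, "/login", FIREFOX) for s in (20, 45)]
)

if __name__ == "__main__":
    for ip, why in find_suspects(SAMPLE_LOG).items():
        print(ip, ", ".join(why))
```

A user-agent string is set by the client and can be changed, so the request-rate check matters as much as the signature check.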

How is it related to APIs?

First, an API (Application Programming Interface) is defined as an interface that can synchronize and connect a database with an application. APIs act as a bridge between a database and an application, securely and without intermediaries or third parties.

Bank APIs connect a database (customers’ accounts) to different programs to promote products or services, such as managing payments. In turn, APIs are related to Open Banking, but what is Open Banking?

Screen scraping should not be confused with web scraping or data scraping. Web scraping only aims to extract data from web browsers and share the data contained in them. In fact, it’s often said to be a kind of screen scraping, but the truth is that it shares only the technique, not the form, with the original concept.

And sharing the whole screen isn’t the same as sharing just an app’s window: less information is exposed and, although we are still vulnerable, the repercussions aren’t the same. On the other hand, data scraping is another variant, used to extract human-readable and structured data. It is used much less.