A term often used in reference to computer spammers, individuals who try to sell to or seduce others through email advertising or solicitation. Account harvesting involves using computer programs to search areas of the Internet in order to gather lists of email addresses from a number of sources, including chat rooms, domain names, instant message users, message boards, newsgroups, online directories for Web pages, Web pages, and other online destinations. Recent studies have shown that newsgroups and chat rooms, in particular, are great resources for harvesting email addresses.
Search engines such as Google have become an excellent source of email addresses. With a simple automated search using the search engine’s API (Application Programming Interface), an individual can get all email addresses that were collected by the search engine. This is of particular interest when an account-harvesting effort targets a particular domain, for example when launching a spear phishing attack against a target.
Preventative measures against harvesting include masking email addresses from harvesting software, using a separate screen name for online chatting that is not associated with one’s email address, setting up two separate email addresses (one for personal messages and another for public posting), and using unique email addresses that combine letters and numbers.
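The first measure, masking addresses from harvesting software, can be checked on one's own pages. The sketch below is an added example, not part of the original entry. It entity-encodes addresses so that they still render normally, and it shows that the masking only hides them from software that matches raw page text. The address pattern, function names and sample page are constructed for illustration.

```python
import html
import re

# Pattern for plain-text addresses, as a simple text-matching scanner might use
# (an assumption for illustration, not taken from any particular tool).
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample page: one address in a mailto link and link text, one in prose.
PAGE = ('<p>Sales: <a href="mailto:sales@example.com">sales@example.com</a>, '
        'press: press.office@example.org.</p>')


def mask_address(address):
    """Encode every character as a decimal HTML entity; browsers render it unchanged."""
    return "".join(f"&#{ord(ch)};" for ch in address)


def mask_page(page):
    """Replace each plain-text address in an HTML fragment with its masked form."""
    return ADDRESS.sub(lambda m: mask_address(m.group(0)), page)


def exposed_addresses(page):
    """Audit check: addresses readable by software that scans the raw page text."""
    return ADDRESS.findall(page)


def rendered_text(page):
    """What a browser (or any software that decodes entities first) ends up seeing."""
    return html.unescape(page)


if __name__ == "__main__":
    masked = mask_page(PAGE)
    print("exposed before masking:", exposed_addresses(PAGE))
    print("exposed after masking: ", exposed_addresses(masked))
    # Limitation: masking does not survive entity decoding, so it is only one
    # layer alongside the separate public address the entry also recommends.
    print("exposed after decoding:", exposed_addresses(rendered_text(masked)))
```
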
Federal Trade Commission (FTC). Email Address Harvesting: How Spammers Reap What You Sow. [Online, November, 2002.] Federal Trade Commission Website. http://www.ftc.gov/bcp/conline/pubs/alerts/spamalrt.htm; Martorella, C. Google Harvester. [Online, April 5, 2006.] http://www.edge-security.com/soft/googleharvester-0.3.pl.