The Scraping Trap

A chronological breakdown of how a public email address was harvested, enriched, and targeted within 7 days of site launch.

T-MINUS 0: THE EXPOSURE

Initial Deployment

During functionality testing, contact@get-it.uk was published in the site footer as a plain-text mailto: link. Within hours, automated bot-scrapers had indexed the domain and added the address to a global "Enrichment Queue".

T + 48 HOURS: THE NOISE

Link Removal & Initial Spam

The email link was removed as part of hardening. However, the data was already sold. Automated "junk" spam for gambling and high-yield investments began arriving—the signature of a low-level bot harvest.

T + 7 DAYS: THE TARGETED STRIKE

Brand Impersonation Payload

The attack evolved. By cross-referencing our domain's MX records, threat actors identified Zoho as our service provider. They delivered a "High-Urgency" billing failure notification designed to steal administrative credentials.

EXHIBIT: PHISH-ZOHO-01

Forensic Analysis: Red