![](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2023\/02\/22060423\/web-beacons-explained-and-how-to-stop-them-featured.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Anna Larkina| Date: Fri, 24 Feb 2023 11:14:54 +0000<\/strong><\/p>\n Imagine you walk into a shopping mall and a stranger starts following you around the place. They make detailed notes of what stores you visit. If you take a promo flyer, they try to look over your shoulder to see if you read it closely enough. When you’re in a store, they use a stopwatch to measure the exact time you spend at each shelf. Sounds absurd and somewhat obnoxious, doesn’t it? Unfortunately, that’s exactly what happens every time you visit a major website, view e-mail from online stores or services, or use their official mobile apps. The person with the stopwatch is analytics systems connected to virtually every website, application, and e-mail campaign.<\/p>\n Why do companies need this data? There are several reasons:<\/p>\n In a detailed Securelist post<\/a>, we examined the statistics on the busiest of “spies”: Google, Microsoft, and Amazon \u2013 the hungriest for (your) date by a wide margin.<\/p>\n The tracking activities described above are based on web beacons, also known as tracker pixels or spy pixels. The most popular tracking technique is to insert a tiny (so tiny as to be practically invisible) image \u2013 sized 1×1 or even 0x0 pixels \u2013 into an e-mail, application, or web page. When your screen displays information, your e-mail client or browser requests to download the image from the server by transmitting information about you, which the server records: the time, device used, operating system, browser type, and page the pixel was downloaded from. This is how the operator of the beacon learns that you opened the e-mail or web page, and how. A small piece of code (JavaScript) inside the web page, which can collect even more detailed information, is often used instead of a pixel. Either way, the tracker is not visible in the e-mail message or on the website in any way: you simply cannot see it. Yet such beacons placed on every page or application screen make it possible to “follow you around” by tracking your navigation route and the time you spend at each stage of that route.<\/p>\n Marketing agencies and tech companies are not the only ones that use web beacons: cybercriminals use them too. Web beacons are a convenient way of conducting preliminary reconnaissance for targeted e-mail attacks<\/a> (spear phishing, business e-mail compromise). They help cybercrooks find out what time their victims check (or don’t check) their mail to choose the best time for an attack: it’s easier to hack users’ accounts or send fake e-mails in their name while the user is offline.<\/p>\n User information, including behavior and interest data, can get leaked in the wake of a hacker attack. Even market leaders such as Mailchimp<\/a>, Klaviyo<\/a>, or ActiveCampaign<\/a>, sometimes experience these kinds of leaks. The stolen information can be used for various scams. For example, hackers that attacked Klaviyo stole lists of users interested in cryptocurrency investing. A specialized phishing tactic can then be used to target that audience and swindle them out of their crypto.<\/p>\n We cannot control leaks and hacks, but we can make sure that tech giants’ servers collect as little data about us as possible. The tips below can be used separately or combined:<\/p>\n\n
How web beacons and tracker pixels work<\/h2>\n
Cybercriminals and web beacons<\/h2>\n
Protecting yourself from tracking<\/h2>\n
\n