Web scraping automates data collection from websites — used legitimately for research and maliciously for harvesting email addresses (spam), pricing data (competitive intelligence), or personal info (OSINT).
Credential stuffing uses scraped email lists. Email harvesting feeds phishing campaigns. Defenses: CAPTCHA, rate limiting, bot detection, robots.txt (suggestion only — not enforced). Terms of service may prohibit scraping.