Everything you need to know about IP grabbers

A common message that any user of a social platform like Discord might see sometimes are warnings about IP grabbers being included as links in messages on various servers. For someone who probably had never heard of IP grabbers before, they would probably not think much about it, but the name itself should be a dead giveaway of what they are about – that is “grabbing,” or acquiring, one’s IP address.

While this might seem innocuous at first, IP addresses can be very valuable, both for legitimate businesses to prevent fraud, but also for some fraudsters. However, to understand the implications, let’s discuss what an IP address really represents.

IPs are like postal addresses

As the header suggests, an Internet Protocol address (IP address for short) serves a very similar function to the addresses on an envelope; it identifies a device (a sender or receiver) on a network (for the postal service).

Residential IPs are temporarily assigned to residential customers by an internet service provider. If criminal activity is detected in connection to an IP address, law enforcement may be able to lawfully request the ISP to provide information about the customer who was using that IP address at that time, the same way a letter can be traced back to its sender.

Consider several devices connecting to the internet through a home router (which is one access point). They each have their own private IPs within the home network; however, any external connection only uses the public IP assigned by the ISP to the home network at that time.

This distinction between public and private IP addresses is important because they are treated differently by routers; private IP addresses are not routable, as in, they cannot be used to communicate with devices outside a local (home/work) network.

For computers to communicate online, they need to be publicly addressable.

IP addresses assigned to mobile phones whenever they use a 4G or 5G connection may change more frequently if the people using them are on the move.

Part of a unique fingerprint

As written in a previous WeLiveSecurity blog on browser fingerprinting, the IP address gets included as an identifier, among other relevant device details. So, whenever you connect to a website from wherever, said website can tell whether it’s really you, or whether there is a discrepancy in your access activity – which is why many sites log you out and ask for you to re-authenticate yourself when signing in from a different location than usual.

Many internet-savvy people use virtual private networks (VPNs) to mask their IP address, as their connection gets rerouted through servers in several different countries, for harder traceability. This is very useful even for basic users, as VPNs can serve a security function, making it harder for criminals to target your computer’s traffic. Nonetheless, the rest of the fingerprint still gets recorded, unless the user takes further action.

What is an IP grabber?

Now, onto the juicy stuff. Since we know what an IP is and what sort of data it can represent, it’s time to talk about IP grabbers themselves.

An IP grabber is usually a link that, upon clicking, records your IP address and stores it. What can follow is that someone can use another tool to track that IP across the web, noting its interactions with various web pages around the net.

This is similar to how tracking on phones works, and it also recalls third-party cookies; however, there are some bigger differences between these methods, the chief one being that IP grabbers do not record more than your IP address. Which is great, but hypothetically, knowing said IP could be enough to do a bit of trickery, as they say.

The two sides of IP grabbing

As noted before, there are several reasons why someone would want to record an IP address. First and foremost, some online shops might find it easier to target their guests with advertising, as since the IP gives a general location, shops can customize the ads to be more personal. This is also done by social media websites to record your interests when you click on an affiliated link.

What’s more, it also helps prevent fraud by asking users to re-authenticate whenever their connection seems to be unusual, like If someone is trying to make a connection from a foreign IP in Thailand, instead of their usual home address in Los Angeles. This is not technically IP grabbing, but it is a similar idea, as it records and verifies a connection.

However, just like a shop or a website can attain your IP, so can other actors. But why would they? Gaining an idea about your general location wouldn’t help much if not connected to other forms of personal information (see the browser fingerprinting example).

There are a few reasons why:

Targeting and tracking – An IP address coupled with other information can make it easier when targeting a person or a company for malicious reasons since the IP gives away one’s approximate geographic location. Plus, if connected to a compromised public Wi-Fi, let’s say, a crook could track the user’s online activity with it.
DDOS attacks – By obtaining the IP address of an individual or a company, a malicious actor could use it to overwhelm the owner’s internet connection, causing it to fail.
Social engineering – A quick-witted crook could use the IP as a means of obtaining more information from an individual, or even a company. This would then probably be followed or accompanied by some other form of phishing, cascading into a potentially larger cyber-attack.

How to protect against IP grabbing

Now that you understand what an IP address is, what grabbers do, and how they can be misused, it’s time to explore some ways you can protect yourself.

Never click on random links online – This often needs to be repeated, but it’s worth doing so, as the link you click on might not be an IP grabber, it could very well be some other form of a malicious link, resulting in a malware infection.
Use a VPN – Possibly the best way to protect yourself is to use a premium VPN service that masks your own address by routing your traffic through other nodes, obfuscating your IP and location.
Secure your firewall – Set strong passwords for your router and other devices, plus use solutions that can enhance your firewall protection to create a protective barrier between you and the internet.

Of course, there are more ways to protect yourself, but these should be enough to create at least a basic form of protection.

WLS also recommends that readers stay away from free VPN services, as they are risky due to the possibility of containing malware, opening one up to a security compromise due to weak security protection, or having one's data logged and sold to third-party advertisers undermining a person's privacy.

Staying secure

Despite the rather low amount of information an IP can provide, it is still an identifiable piece of data, which can be used for illicit purposes, If one dedicates the time and resources to do so.

However, by staying mindful of online threats, even those that might seem like innocent users sending you random links, you can stay one step ahead of the attackers. And this, in connection with a powerful and well set up firewall, a security solution, with a VPN on top, can make anyone’s online presence a lot more secure.