
Bot Humbug! Retailers Fail at Foiling Festive-Season Fraudsters

Retailers can’t afford to underestimate the impact “bad bots” have on their business, whether that translates to website performance, lost revenue or fraud risk. When you add record peak-season shopping numbers into the mix, the stakes are even higher.

In processing more than 6.8 billion e-commerce requests and 400 million bad bot requests, e-commerce cybersecurity software company Kasada observed a 23 percent increase in bad bot traffic in the week before Thanksgiving and a 50 percent jump during the five days from Thanksgiving to Cyber Monday.

And e-commerce fraud prevention software provider Seon warned retail businesses to expect more fraud attempts this season, revealing that fraudulent bot usage in last year’s peak holiday season skyrocketed 255.3 percent.

Fraud pressure—which measures the change in the number of transactions deemed very risky and likely fraudulent—was up 24 percent for the five-day period, according to another fraud prevention platform, Signifyd. Fraudsters started off strong on Thanksgiving with an 82 percent increase in fraud pressure. Levels remained in the mid-20 to mid-30 percent range throughout the weekend, but dipped 9 percent below last year’s levels on Cyber Monday, it said.


Overall, Seon declined 2.78 million fraudulent e-commerce transactions from Nov. 30, 2021 to Jan. 6, 2022, with the highest fraud rates coming in mid-December. For context, 3.38 percent of transactions were fraudulent on Dec. 1, 2021, yet this number almost doubled to 6.9 percent of transactions on Dec. 12, 2021. The fraudulent rate remained above 6 percent through Dec. 15.

While the average rate of fraudulent transactions for 2022 so far is 3.85 percent, Seon suggests that fraud attempts were likely to accelerate toward a mid-December peak. Of the 851 million user transactions checked between Jan. 1 and Dec. 5, 2022, 9.03 percent were initially flagged as suspicious.

Kasada identified four major cyber threats to retailers this holiday shopping season. They can expect a surge in “scraping” attacks that slow website performance, the use of “freebie bots” that capitalize on mispriced goods, fake account creation and gift card fraud. Bot operators frequently used open-source dev tools, spoofed browser platforms, and headless browsers to perform their attacks at scale.

Scraping was the most prevalent automated threat Kasada observed leading up to Black Friday. During peak times, the company encountered more than 3 million scraping requests per day, for a 43 percent increase from October. In total, 11.5 million scraping requests occurred during Black Friday week.

Scraping bots capture real-time data that can be used by competitors to undercut pricing. In addition, fraudsters use scraping as the basis for counterfeit websites that trick unsuspecting consumers into making a fraudulent purchase or providing their credentials.

Rather than target specific product pages, scraper bots index entire websites to monitor stock and price changes. Scrapers are a common reason why websites suffer slow speeds and degraded site performance. This is especially problematic around the holidays, as conversion rates are on the line and websites are already inundated with higher traffic volumes.

“Retailers have to deal with bot attacks every day, but the increased activity we’ve seen during the holiday shopping season truly highlights just how extreme the problem is,” said Sam Crowther, CEO and founder of Kasada. “As they say, follow the money. If there is an opportunity for profit, bots will be there, looking for every way possible to exploit a retailer’s business. It is critically important for retailers to employ solutions that can adapt quickly to the increasing sophistication of modern bots.”

The “freebie bots,” which scan retail websites for mispriced or discounted goods and purchase them at scale before the error is fixed, pose revenue issues for retailers. These bots are drawn to Black Friday and Cyber Monday deals, which can score the operator items at a fraction of the price and then resell them for a profit.

Kasada estimates that freebie bots successfully purchased over 40,000 products from Nov. 17 to Nov. 29, paying just $134 for items totaling more than $1.1 million in retail value. Earlier in the month, a group of freebie bots targeting a single retailer was responsible for obtaining over $500,000 worth of goods (over 20,000 products) that cost the bot operators only $85.

In the weeks leading up to Black Friday, bot checkouts steadily increased daily, with spikes occurring at 12:00 a.m. Pacific Time on Thanksgiving and Black Friday, which highlights a problem often seen in the realm of sneaker drops. The spikes suggest that retailers had products scheduled to go live at midnight and as soon as the product became available, freebie bots identified pricing and checked out.

Kasada also observed large numbers of new accounts generated a week before Black Friday and on Cyber Monday, indicating a threefold increase in fake account creation.

Bad actors typically create these fake accounts with free email providers in order to circumvent inventory checks during checkout. Bot operators can “age” accounts by creating fake user accounts days before a sale starts, which helps them avoid detection and increases the likelihood of securing the products they want.

Aged accounts are either used for personal gain or sold to other parties. From Black Friday to Cyber Monday, Kasada said the number of fake accounts generated rose by 40 percent. Fake accounts can also be used to take advantage of sign-up promotions. The better the incentive, the more likely bots are to create massive volumes of new accounts to claim the free product or coupon.

The last major threat, gift card fraud, appears to remain an issue across e-commerce as fraudsters perform automated gift card lookups to regularly check balances. Kasada said gift card lookups rose sixfold within the span of a few hours on Saturdays in November.

Last year, gift card lookups quadrupled, which Kasada says was an early warning sign and a key indicator that fraudsters were using bots to identify and steal the remaining balances on gift cards at scale. Since gift cards have fewer protections than other payment methods, fraudsters favor them, as they can anonymously obtain quick cash through irreversible transactions, or by reselling stolen cards.

Top ways to curb holiday fraud

Seon’s research indicated that both browsers and devices remained a significant fraud risk for the holiday season. The company said the fraud it prevented last Christmas was largely tied to a massive 1,246 percent increase in the use of suspicious or unusual browsers. Additionally, there was a 212.5 percent rise in rarely seen device screen resolutions, which usually signals the use of emulators or similar tools to spoof hardware and software.

In a blog post, Seon’s data science lead Gellert Nacsa highlighted efforts that can be taken to stop fraud. For one, a dynamic friction strategy can be used to passively scan a user’s setup, IP address and any information they provide, such as an email, to come up with a fraud score.

Based on this, the retailer can only introduce friction to the shopping journey of those who haven’t already been proven to be fully trustworthy, Nacsa said, while obvious fraudsters are banned right away and honest customers can experience a frictionless journey.

Nacsa also said fraud teams should be on the lookout for high numbers of card declines that might indicate an account used for testing stolen credentials, as well as mismatches in submitted billing addresses and registered card addresses.

And to minimize the impact of chargebacks, retailers should promote refunds over chargebacks altogether, he said.

Throughout the season, retailers should be more willing to adjust their security initiatives based on the demand generated.

“To maximize sales via a minimum-friction shopping experience during the holiday rush, retailers would be wise to loosen thresholds on shipping address disparities but tighten them on unusual velocities in shipping behavior,” Nacsa said. “For example, monitoring might reveal that a single computer ordered a single product to multiple addresses at a high frequency, or several accounts at apparently disparate locations all send the same purchase to one address at an industrial park—both potential signs of malicious activity but not uncommon over the gifting period either.”
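As an added example, not code from the article or from Seon’s or Kasada’s products, the following Python triage routine combines the signals Nacsa describes (high card declines on an account, a billing/card address mismatch, and one device shipping to many addresses at high frequency) and applies them in the dynamic-friction style: allow, challenge, or block. The order fields, weights, time window and thresholds are all assumptions, and the orders are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample orders (not real data): one benign order, one with a
# billing/card mismatch, and one device shipping to several addresses in minutes.
FIELDS = ("id", "device", "ship_to", "billing", "card_addr", "declines", "ts")
ORDERS = [
    (1, "dev-1", "100 Main St", "100 Main St", "100 Main St", 0, "2022-12-12T09:00:00"),
    (2, "dev-2", "7 Oak Ave", "7 Oak Ave", "9 Elm Rd", 1, "2022-12-12T09:05:00"),
    (3, "dev-9", "1 Pine Ct", "1 Pine Ct", "1 Pine Ct", 0, "2022-12-12T10:00:00"),
    (4, "dev-9", "2 Pine Ct", "2 Pine Ct", "2 Pine Ct", 0, "2022-12-12T10:02:00"),
    (5, "dev-9", "3 Pine Ct", "3 Pine Ct", "3 Pine Ct", 4, "2022-12-12T10:04:00"),
]

# Assumed weights, window and thresholds; a real deployment tunes these per season.
DEVICE_WINDOW = timedelta(hours=1)
DEVICE_ADDR_LIMIT = 3   # distinct ship-to addresses from one device inside the window
DECLINE_LIMIT = 3       # card declines on one account that suggest card testing
CHALLENGE_AT, BLOCK_AT = 20, 50

def _ts(order):
    return datetime.fromisoformat(order["ts"])

def score_order(order, history):
    """Return (score, reasons) for one order, given the earlier orders in `history`."""
    score, reasons = 0, []
    if order["declines"] >= DECLINE_LIMIT:
        score, reasons = score + 40, reasons + ["high card declines"]
    if order["billing"] != order["card_addr"]:
        score, reasons = score + 20, reasons + ["billing/card address mismatch"]
    # Velocity check: distinct ship-to addresses used by this device inside the window.
    recent = [o for o in history + [order]
              if o["device"] == order["device"] and _ts(order) - _ts(o) <= DEVICE_WINDOW]
    if len({o["ship_to"] for o in recent}) >= DEVICE_ADDR_LIMIT:
        score, reasons = score + 30, reasons + ["one device, many ship-to addresses"]
    return score, reasons

def decide(score):
    """Dynamic friction: block, step up with a challenge, or let the order through."""
    if score >= BLOCK_AT:
        return "block"
    return "challenge" if score >= CHALLENGE_AT else "allow"

def triage(rows):
    """Score orders in time order so each one sees the orders before it as history."""
    results, seen = {}, []
    for order in sorted((dict(zip(FIELDS, r)) for r in rows), key=_ts):
        score, reasons = score_order(order, seen)
        results[order["id"]] = (decide(score), score, reasons)
        seen.append(order)
    return results
```

Running `triage(ORDERS)` lets the benign order and the first two same-device orders through, challenges the address-mismatch order, and blocks the third same-device order once both the decline count and the shipping velocity trip.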