Last year, HUMAN released a report about the different ways sophisticated bots are getting in the way of your best laid Black Friday (and beyond) plans - from enterprises to advertisers to consumers. All of us were affected by what we call #BotFriday. And from what we can tell, this year will be no different. I spoke to HUMAN’s Satori Threat Intelligence & Research team about what everyone should watch out for this #BotFriday.
Last year’s holiday season was very different for obvious reasons. The push towards e-commerce had us asking a lot of questions. Would malicious bot activity increase? How does COVID-19 factor into e-commerce trends? Are people going to trade in lines at big box stores for one more slice of apple pie and endless scroll? The answers weren’t as simple as we thought they would be. But one thing was made very clear to us: Black Friday wasn’t actually on Black Friday. Due to big name stores starting their Black Friday sales early, some as early as three weeks beforehand, we instead saw a sharp increase in sophisticated bot activity interacting with ads and websites well before the weekend after Thanksgiving.
“The big shopping season in general creates a breeding ground for malicious bot activity online. With last year as a blueprint, we can predict that this trend of brands starting sales pre-Black Friday will continue, causing an earlier shopping season and in turn, more sophisticated bots deployed,” said Ellie Windle, VP of Strategic Partnerships.
From an international perspective, Southeast Asia sees increased internet activity on Lucky Days such as 9/9 (Super Shopping Day), 10/10 (Mega Shopping Festival), and 11/11 (Singles’ Day). Retailers offer deals, similar to Black Friday, and consumers take advantage.
eMarketer has noted that because of the success of last year’s online pre-Black Friday deals and the persistence of COVID-19, it will likely continue. As retailers continue to rely on e-commerce, the more chances there are for malicious bots to come ruin the holiday party.
It’s no secret that all of us spent more time on our devices this year. The screen time update on my phone screams at me about it every week. We found early in the COVID-19 pandemic a dramatic shift in traffic from desktop to mobile. And that trend continued: US adults consumed about an extra hour of digital media in 2020. Specifically, Connected TVs (CTVs) saw a 33% increase in time spent. That’s a lot of time rewatching Dawson’s Creek (or is that just me?).
These trends aren’t going anywhere, especially as the world embraces work from home.
“Malicious bot operators are getting smarter and with advertisers utilizing the eyeballs on CTV and mobile devices, we predict an increase in sophisticated bots targeting advertisers this holiday shopping season,” said Lenny An, Manager, Customer Success. “Like we always say, fraud follows the money.”
Advertisers have many opportunities for success on CTVs. Unfortunately, so do bots. With CTV’s high CPMs, malicious bot operators have an opportunity to get in on the action. We’ve seen this time and time again with botnets such as PARETO. This botnet was one of the most sophisticated operations the advertising industry has witnessed. The PARETO botnet was nearly a million infected Android phones pretending to be millions of people watching ads on smart TVs and other devices. PARETO-associated traffic accounted for an average of 650 million daily bid requests witnessed by HUMAN’s MediaGuard solution, the result of 29 Android apps spoofing more than 6,000 CTV apps.
This is going to be hard for you to hear, but it’s going to be nearly impossible to get the PlayStation5...again. Inventory hoarding by fraudsters is a big problem for many retailers - from exclusive sneaker drops to game consoles to whatever the year’s big toy is.
“The higher the demand for the product, the more fraudsters using sophisticated bots will target that product in order to resell it for a profit. The means to do that is through accounts, whether the bot operator is creating net new ones themself or taking over existing accounts in order to evade detection. We predict that sophisticated bots will target retailers with the season’s biggest products,” said Natasha Vasandani, Senior Data Scientist.
Account fraud in its many forms (such as new account creation fraud, credential cracking, and account takeover) can allow sophisticated bots a space on line. The more human they appear, the easier it is for them to jump through queues and simple security measures like WAFs and CAPTCHAs, and ultimately grab the exclusive before well-intentioned humans have a chance.
Recently we worked with an online banking provider to see if their WAF and CDN solutions were successfully protecting their customers from account takeover attacks. They deployed HUMAN’s BotGuard for Applications and we were able to find that 14% of their customer traffic was invalid traffic made up of sophisticated bots impersonating humans. This traffic was passing through the online bank’s WAF and CDN solutions undetected.
The problem is so pervasive, you’ve probably dealt with it yourself. Here’s to hoping your kids want books this year.
Enough with Scrooge! HUMAN can help. Our Human Verification Engine verifies the humanity of more than 10 trillion interactions a week. That means we’re really good at determining malicious bots from humans - even if they are coming from the same device. Each outcome, whether sophisticated bot or human, makes all our products smarter and more precise to protect your enterprise, your ads, and your marketing campaigns from falling victim.
Want to learn more about what to expect from bad actors this holiday season and how to fight back? Join HUMAN and guest speakers from Forrester and Futurlogic for our webinar “Bot Humbug: How Bots Might Scrooge Up Your Holiday Shopping Season” on October 13th.