The holiday sales data is in! As anticipated, bad bot activity ramped up around the Black Friday and Cyber Monday sales events again this year. 

Through processing over 6.8 billion requests, Kasada observed a 23% increase in bad bot traffic in the week before Thanksgiving and a 50% increase during Black Friday week. 

Figure 1: Kasada Threat Intelligence observed an increase in bad bot activity leading up to Black Friday, with most malicious bot traffic originating from the United States. 

Kasada’s Threat Intelligence team identified four major cyber threats to retailers this holiday shopping season. Our data reveals an increase in scraping attacks, Freebie Bots, fake account creation, and gift card fraud. Bot operators frequently used open-source dev tools, spoofed browser platforms, and headless browsers to perform their attacks at scale. 

1. Scraping attacks increased by 43%

As predicted in our Holiday Preparedness Blog, scraping was the most prevalent automated threat Kasada observed leading up to Black Friday. Over 3 million scraping requests per day during peak times represents a staggering 43% increase as compared to October. 

Many consumers started their holiday shopping early again this year. Subsequently, with more retailers competing for business and starting “Black Friday” sales events as early as October, scraping bots soon followed to capture retail data. 

Rather than target specific product pages, bots indexed entire websites, leading us to believe their goal was to monitor stock and price changes for arbitrage. 

Web scraping is difficult for retailers to detect. As such, there has been a long-running legal battle in the U.S. to determine scraping’s legality. Earlier this year, the U.S. Ninth Circuit Court of Appeals reaffirmed its decision that scraping data is legal and does not violate the Computer Fraud and Abuse Act. 

However, scraping certainly creates privacy concerns for online businesses and is also a popular method used by competitors to perform arbitrage and cybercriminals to create counterfeit websites.

Most painfully to shoppers, scrapers are a common reason why websites suffer slow web speeds and degraded site performance. Around the holidays, this is particularly troublesome for retailers since conversion rates are on the line and websites are already inundated with higher traffic to their sites. 

Figure 2: The graph depicts a 43% increase in scraping attacks prior to Black Friday. 

The impact of scraping:

• Erratic web traffic spikes, which results in skewed site metrics
• Overwhelmed servers
• Increased infrastructure costs
• Degraded site performance
• Lower conversion rates

2. Freebie Bots sourced products for 70-100% off list price, scoring $1M worth of products for only $134. 

Time and time again we say, “where there’s a profit to be made, the bots will follow.” Like bees attracted to honey, Freebie Bots were drawn to Black Friday and Cyber Monday deals to get items for a fraction of the price and then resell them for a profit. Products with the highest discounts (70%-100% off) offered botters the best profit margin and were subsequently the most desirable. Items purchased by Freebie Bots typically weren’t high-value items or in high demand, but rather ordinary consumer products such as LED strips and dog collars.

We estimate that Freebie Bots successfully purchased over 40,000 products during Cyber 5 week (11/17 to 11/29), totaling over $1.1M in retail value for a small price of $134. One bot targeting a single retailer was solely responsible for obtaining over $500,000 worth of goods (over 20,000 products) that cost the bot operators only $85.

In the weeks leading up to Black Friday, bot checkouts steadily increased daily, with spikes occurring at 12:00 am PST on Thanksgiving and Black Friday. Data suggests retailers have products scheduled to go live at midnight and as soon as the product becomes available, Freebie Bots were ready to quickly identify pricing and checkout.

Figure 3: Checkouts made by Freebie Bots increased the week of Black Friday and peaked at 12:00 am on Black Friday. 

Figure 4: Freebie Bot checkout spikes on Thanksgiving and Black Friday at 12:00 am PST. 

The impact of Freebie Bots: 

• Real customers were unable to purchase sale items 
• Retailers lost money due to pricing errors, giving away items for free
• Bots overwhelmed servers and caused degraded site performance 
• Inaccurate web metrics such as conversion rates, page time, and average order value

3. 40% increase in Fake Account Creation on Cyber Monday

In the days leading up to Black Friday last year, Kasada detected bots attempting to create over 25,000 accounts a day for a single retailer. This year, Kasada’s Threat Intelligence team observed a similar trend. Large amounts of new accounts were being generated a week before Black Friday and on Cyber Monday. New accounts are typically created by bad actors using free email providers like iCloud and Gmail to create fake accounts and circumvent inventory checks during checkout. 

A 3x increase in fake account creation before Black Friday suggests that adversaries were preparing for holiday sales and hype drops by aging fake accounts. Bot operators “age” accounts by creating fake user accounts days before the sale starts. This helps bot operators avoid detection and increases the likelihood that their account won’t be flagged during a drop. Aged accounts could then be used for personal gain or sold to other parties for future use. 

From Black Friday to Cyber Monday, the number of fake accounts generated rose by 40%. We suspect fake accounts were being used to commit new account fraud, abusing sign-up promotions offered by retailers to obtain new customers and boost sales. Promotions often include coupons or free items when you create an account. The better the incentive, the more likely bots are to abuse it and create massive volumes of new accounts to claim the incentive.

Figure 5: High levels of account generation bot activity from 11/17 to 11/29 using free email providers like iCloud and Gmail.

The impact of fake account creation:

• Inaccurate customer data 
• Skewed performance metrics 
• New account fraud, leading to revenue loss
• Poor brand reputation

4. Gift card lookups spiked 6X every Saturday in November

According to the National Retail Federation, holiday gift card spending is expected to reach $28.6B this year.

Throughout the holidays, fraudsters regularly check balances by performing automated gift card lookups. Kasada has observed a 6x increase in gift card lookups in the span of a few hours during weekend holiday shopping in November. Last year, gift card lookups quadrupled in bot requests which was an early warning sign and a key indicator that fraudsters were using bots to identify and steal gift card balances.


Figure 6: Graph depicts a spike in gift card lookups performed by bad bots on Saturday, 11/26.

The impact of gift card lookups:

• Payment fraud
• Gift card drainage, resulting in poor customer experience
• Damage to brand reputation

Did your website experience any of these anomalies?

To help you see if you’ve been impacted by bot attacks, we’ve rounded up some of the most common indicators below.

Earlier this year, Kasada discovered the emergence of Solver Services being used to bypass many bot mitigation solutions, leaving businesses vulnerable to automated attacks. If you’re unsure how well your bot defenses are holding up, you can quickly test your site here to see which threats you’re able to detect and stop.

Learn more about how Kasada is protecting $50B in eCommerce revenue for some of the largest retail brands from the most sophisticated bots – likely the same bots that are hitting your digital channels.

*** This is a Security Bloggers Network syndicated blog from Kasada authored by Maddy Lewis. Read the original post at: https://www.kasada.io/how-bots-impacted-2022-holiday-sales/