
How to Outsmart Scalping—A Never-Ending Saga

What is scalping?

Scalping occurs when limited-edition products are purchased to be resold at a higher price. Scalper bots, sometimes called “shopping bots” or “purchasing bots”, are software programs designed to automate online purchasing.

Because bots can complete the checkout process much faster than humans, scalper bots are used to bulk buy limited-edition products to resell at a profit on sites like eBay.

How did scalping begin?

At first, scalpers targeted concert tickets, using bots to get their hands on dozens of coveted tickets to resell them at a higher price. Since then, scalping has spread to more industries and products.

The most sophisticated bots today are a subset of scalper bots: sneaker bots. In fact, sneakers, concert tickets, and streetwear are the industries most heavily targeted online by scalper bots.

As we frequently observe at DataDome, it’s common for sneaker e-commerce websites to face spikes of dozens of millions of bot requests per minute during flash sales. The demand for sneaker bots even gave birth to a new industry to ease the resale of scalped sneakers: marketplaces such as StockX.

Scalping also affects luxury products. Several off-the-shelf bots exist that automatically detect when luxury products are available. And with the recent shortages brought on by COVID-19, scalpers saw opportunities to make more profit. 

Scalpers began purchasing more types of products in previously untapped industries. The scalping surge affected cryptocurrency (where scalper bots rushed to acquire NFTs), GPUs (which were highly sought after during the cryptocurrency hype), and gaming consoles like the Nintendo Switch, Xbox, and PlayStation 5.

The Future of Scalping

Several countries have attempted to prohibit the scalping of high-demand goods (at the forefront, the US and the UK). But scalpers have not quit—and won’t any time soon. Instead, online scalping will likely spread to more industries and affect more products.

The ongoing economic environment has made scalping a popular way for attackers to make money by leveraging the scarcity of certain products.

Already, several videos and channels on YouTube explain how to create or use existing scalper bots. They also cover how to maximize your chances of getting through standard detection techniques like CAPTCHA, geoblocking, and rate limiting. What’s more, bots as a service, ISP/residential proxy services, and CAPTCHA farms have all made sophisticated scalping bots more accessible to the masses.

 

What can I do to protect my business and customers?

Scalper bots vary greatly based on factors such as the bot developer, the industry or product they’re targeting, and at what scale they are working. Still, you should keep track of the following:

  • Device/Browser Fingerprinting: Scalper bots need to run at scale and can’t change their device details for every single request, so suspicious parameters can be tracked.
  • Browser Validation: Check for the JavaScript agent to ensure it’s making the right browser calls, as scalper bots tend to run on modified browsers.
  • IP Reputation: Some scalpers use cheap, low-quality IPs that are easy to block. However, many scalpers are now able to rotate through high-quality residential IP proxies.
  • Behavioral Analysis: Many bots don’t behave like humans—particularly scalper bots, which are likely to race through your site to get to their target. Humans tend to meander. These small behavioral cues can help root out bots.
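As an added illustration (not DataDome's code), the sketch below combines two of the signals above over a request log: a device fingerprint that reappears behind many rotating IPs, and a session that races to checkout. The log format, the `flag_suspects` function, and all thresholds are assumptions chosen for the example; the sample rows are constructed.

```python
from collections import defaultdict

# Constructed sample log: (unix_seconds, client_ip, device_fingerprint, path).
# IPs come from documentation ranges; fingerprints are made-up labels.
SAMPLE_LOG = [
    (1000.0, "192.0.2.10", "fp-a1", "/"),
    (1012.5, "192.0.2.10", "fp-a1", "/sneakers"),
    (1040.0, "192.0.2.10", "fp-a1", "/sneakers/limited-drop"),
    (1075.0, "192.0.2.10", "fp-a1", "/cart"),
    (1101.0, "192.0.2.10", "fp-a1", "/checkout"),
    (2000.0, "198.51.100.1", "fp-b7", "/sneakers/limited-drop"),
    (2000.4, "198.51.100.2", "fp-b7", "/cart"),
    (2000.9, "198.51.100.3", "fp-b7", "/checkout"),
    (2001.3, "198.51.100.4", "fp-b7", "/sneakers/limited-drop"),
    (2001.8, "203.0.113.5", "fp-b7", "/checkout"),
    (3000.0, "203.0.113.77", "fp-c3", "/"),
    (3030.0, "203.0.113.77", "fp-c3", "/sneakers"),
]

def flag_suspects(events, max_ips=3, min_seconds=5.0, min_pages=3,
                  checkout_path="/checkout"):
    """Return {fingerprint: [reasons]} for sessions matching bot-like signals."""
    # Group by fingerprint, not IP, because the IP is the part that rotates.
    by_fp = defaultdict(list)
    for event in sorted(events):
        by_fp[event[2]].append(event)

    suspects = {}
    for fp, rows in by_fp.items():
        reasons = []
        # Signal 1: one device fingerprint seen behind many IPs (proxy rotation).
        ips = {ip for _, ip, _, _ in rows}
        if len(ips) > max_ips:
            reasons.append(f"fingerprint seen on {len(ips)} IPs")
        # Signal 2: racing to checkout, measured up to the first checkout hit.
        idx = next((i for i, r in enumerate(rows) if r[3] == checkout_path), None)
        if idx is not None:
            elapsed = rows[idx][0] - rows[0][0]
            pages = {r[3] for r in rows[: idx + 1]}
            if elapsed < min_seconds:
                reasons.append(f"checkout reached in {elapsed:.1f}s")
            if len(pages) < min_pages:
                reasons.append(f"only {len(pages)} distinct pages before checkout")
        if reasons:
            suspects[fp] = reasons
    return suspects
```

On the constructed log, only `fp-b7` is flagged: it appears on five IPs and reaches checkout in under a second, while the slower single-IP shopper and the browsing-only session pass.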

Bot Detection: The Simplest, Strongest Solution

Scalper bot programmers are usually extremely skilled, quick to adopt new technologies, and adept at bypassing common security systems. With everything at play, the easiest and most accurate way to locate and stop scalper bots before they reach your products is with a specialized bot detection solution.

Better yet, try specialized bot protection that leverages machine learning and aggregate global detection to protect your mobile app, website, and API from scalpers in real time.

Questions for one of our threat experts?

DataDome’s 24/7 threat research team is constantly up to date on the most current bot and online fraud trends. Schedule a call to speak with someone about the best ways to protect your business against today’s most advanced bots and cyberattacks.

*** This is a Security Bloggers Network syndicated blog from Blog – DataDome authored by Antoine Vastel, PhD, Head of Research. Read the original post at: https://datadome.co/threat-research/how-to-outsmart-scalping-a-never-ending-saga/