Man
Bots in online trading pose a threat to online security, so store owners should take measures to combat such scammers. However, there are three key aspects to consider:
- It is impossible to completely stop malicious bot attacks;
- Fraudsters are constantly developing their technologies;
- Companies can protect themselves and their customers from automated attacks and strengthen their brand reputation.
With the growth of online stores, there has also been an increase in fraud by cybercriminals.
A recent study by cybersecurity solutions company Imperva found that 30.8% of traffic to e-commerce sites was bots, of which 17.7% was malicious.
This is a dangerous trend and a big problem not only for resource owners but also for buyers. Cyberattacks are becoming more determined and creative. In a survey conducted by Kount, a company that deals with protecting websites from bots, 88% of companies reported that they are doing their best to combat fraudsters and malicious attacks.
Contents
1. Who are bots?
2. Types of attacks and bots that threaten online trading
2.1. Bots for "parking" goods ("goods out of stock")
2.2. Buyer bots
2.3. Content-stealing bots (scrapers)
2.4. Manipulation of other people's credentials
2.5. Layer 7 DDoS attacks
3. How to protect your online store from bots
3.1. 1. Interpret incoming data correctly
3.2. 2. Create full-cycle privacy
3.3. 3. Apply new technologies
3.4. 4. Fight bots with… bots
3.5. 5. Use antibot for the site from Botfaqtor
Who are bots?
A bot (short for robot) is a program or application designed to perform automated tasks. Why are they used instead of people? They perform routine operations more efficiently and much faster. Bots are divided into good and bad.
Chatbots are an example of “good” robots. They are used to automatically process requests from potential buyers and clients either before or instead of communicating with support staff, for example, at night. They are simply necessary for online stores.
However, there are also bad bots. In the hands of a hacker or other attacker, they are used to imitate the actions of real users and perform various malicious operations in order to benefit those who control them.
According to research by Kount experts, 2/3 of companies said that one such attack cost their company more than $100,000 in lost revenue.
By generating digital IDs, such bots can not only make purchases in an online store faster than any real user; they can also exploit vulnerabilities in the management of the account life cycle and of access rights to the company's information resources, and delete thousands of products in a matter of seconds. Most often, this happens because the system cannot distinguish a real person from a malicious bot.
Those who direct such attacks against online stores have different motives. Hackers who carry out malicious attacks not for profit (“black hat” hackers) may simply want to prove their capabilities and show that it costs them nothing to destroy someone’s business. Hacktivists, in turn, use their skills to teach a lesson to a brand they object to on social or ethical grounds.
There are also scammers who use bots to quickly buy up goods from an online store and then resell them on other sites at an inflated price. As a rule, this applies to expensive limited-edition branded items.
Whatever the motives of cybercriminals, companies engaged in online commerce are increasingly becoming victims of malicious attacks.
Types of attacks and bots that threaten online commerce
Bots can cause slow website performance, downtime, exposure of sensitive customer data, and loss of revenue for business owners. Therefore, it is imperative that online stores implement and maintain robust security measures against the following types of malicious attacks.
Bots for "parking" products ("product out of stock")
This is the type of bot that selects products on an online store website and adds them to the cart, but does not place an order. In this way, they “park” the product and make it unavailable to real buyers.
Moreover, they do this regularly. Even if the cart is automatically cleared after a certain time, the bot returns to the site and adds the product to the cart again. Such fraudulent actions are usually committed by competitors. A real buyer comes to the online store's website, sees that the desired product is not available (because it was "parked" by a malicious bot) and goes to a competitor's site. Thus, the competitor's brand gets an advantage and sells the desired product to this buyer, and the injured party loses potential revenue.
To protect against such actions, online stores can set a limit on the time that items can be stored in the shopping cart without placing an order, as well as on the number of repeated additions of the same item to it. However, most robots can overcome even such blocking methods, and they do this by using a large number of different IP addresses.
Buyer bots
Just as concert and theater tickets are bought up in the real world and then resold at a higher price, malicious buying bots can do the same with limited-edition items in online stores.
For example, a new gaming console is about to go on sale. Buyers are eagerly awaiting it. As soon as the release date arrives, bots, using their speed and automation capabilities, buy up almost all the consoles in the first seconds. Real buyers, before they can come to their senses, immediately see the message: "Item out of stock." They have no choice but to buy the console on a speculator's website at a higher price.
They are difficult to combat, but there are special solutions – antibots, which allow you to identify and block them.
Content thief bots (scrapers)
These are the same as parsers. In this case, product catalogs are copied and placed on third-party resources unchanged. This is done in order to rank higher in search results for the unique product cards than the online store's original website. Thus, the injured party loses income, and sometimes even the prestige of the brand.
For example, TheFork (a TripAdvisor project), a portal dedicated to searching and booking tables in cafes and restaurants, experienced sharp traffic surges during holidays, special offers, etc. The company's specialists understood that these were the tricks of "bad" bots that were trying to steal valuable content, such as user reviews and the availability of free tables in restaurants.
Manipulation of other people's credentials
In this case, bots take other people's credentials (logins and passwords of real users) from one site and try to log in to other resources with them. Fraudsters obtain them after a mass compromise ("leak") of credentials, from open sources or the dark web. For such attacks, a large number of bots are used to make multiple attempts to log into an account. This type of attack is also called a "dictionary attack" (a method of completely enumerating possible passwords), which requires a huge number of attempts.
BlaBlaCar, which has about 40 million members, is the world's largest carpooling community. The company's vast database is a tasty morsel for scammers who are looking for personal data to use for criminal purposes. At one point, the service noticed abnormal spikes in traffic and system load. Cybercriminals were trying to gain access to user accounts in order to steal credit card numbers and obtain coupons that could be used for personal purposes or resold.
Layer 7 DDoS attacks
The purpose of these bot attacks on online stores is to overload the site with an avalanche of traffic and take it down.
Celio is a leading men's clothing brand, represented in more than 50 countries around the world, with more than 1,100 stores. The Celio team usually analyzed traffic on a case-by-case basis and manually blocked unwanted visits. However, this is a labor-intensive task and not very effective when bots use multiple IP addresses. One day, the brand's online stores came under layer 7 DDoS attacks. The attack broke through manual blocking and disabled the sites. As a result, the company decided to use special protection services.
How to protect your online store from bots
Below are several methods that will help you avoid becoming a victim of Internet intruders and protect yourself as much as possible from malicious bots.
1. Interpret incoming data correctly
Tools for analyzing visits to a store's website make it possible to track how natural user behavior is. However, taken together they provide practically nothing unless the data is analyzed in more detail.
For example, bots imitate the behavior of real users, and do it almost too well. Where real people hesitate, robots do not. They perform all operations automatically and uniformly. Their ultimate goal is to put goods into the basket and do it as quickly as possible.
In this case, it is worth tracking the speed of clicks and page transitions, product selection, distraction by pop-up windows, selection of options on the product page, etc.
2. Create full-cycle privacy
Implementing privacy by design at the development stage of an online store can increase the trust and confidence of brand owners and customers. If you build in as many protections against automated attacks as possible in advance, this will help users feel safe throughout their entire journey through the site: from the moment they enter their personal data to placing an order. The user will trust the site more, and the owner will easily identify abnormal traffic and detect fraudulent activity.
3. Apply new technologies
Malicious bots are an evolving technology that poses a threat to the entire Internet community. Therefore, companies must keep up with developments and implement new technologies in their services that will allow them to work more efficiently and effectively for real clients, rather than serving fraudsters. These may include modern authentication methods and standards (for example, two-factor authentication), etc.
4. Fight bots with… bots
In the near future, companies that have a presence on the Internet will increasingly collaborate with fraud protection services and integrate them into their ecosystem to develop advanced robotic process automation (RPA) tools and deep data analysis tools to provide themselves with reliable ways to counter malicious bots.
For example, RPA can be used to monitor the market for new technologies that appear in response to bot activity. Machine learning allows for mass tracking of customer habits and behavior and the creation of a mask of what real people’s behavior looks like on online shopping sites.
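The section on bots that "park" products notes that cart limits are bypassed by rotating IP addresses. The added example below (not part of the original post) shows a per-address limit seeing nothing while a per-product view of expired holds flags the parked item. The log format, SKU names and thresholds are assumptions.

```python
from collections import Counter, defaultdict

# Constructed cart log (not real data): (client_ip, sku, action).
# "expire" means the hold-time limit cleared the cart without an order.
CART_LOG = (
    [("198.51.100.7", "SKU-CONSOLE", "add"), ("198.51.100.7", "SKU-CONSOLE", "checkout")]
    # One limited item held once from each of 12 addresses; every hold expires.
    + [(f"203.0.113.{n}", "SKU-CONSOLE", act) for n in range(1, 13) for act in ("add", "expire")]
    + [("198.51.100.20", "SKU-TSHIRT", "add"), ("198.51.100.20", "SKU-TSHIRT", "checkout"),
       ("198.51.100.21", "SKU-TSHIRT", "add"), ("198.51.100.21", "SKU-TSHIRT", "expire")]
)

def per_ip_violations(log, max_adds=3):
    """The per-address limit: (ip, sku) pairs added more than max_adds times."""
    adds = Counter((ip, sku) for ip, sku, action in log if action == "add")
    return {pair for pair, n in adds.items() if n > max_adds}

def parked_skus(log, min_holds=10, min_expired_ratio=0.8):
    """Per-product view: many holds, almost none converted, whatever the source address."""
    stats = defaultdict(lambda: {"holds": 0, "expired": 0, "ips": set()})
    for ip, sku, action in log:
        s = stats[sku]
        if action == "add":
            s["holds"] += 1
            s["ips"].add(ip)
        elif action == "expire":
            s["expired"] += 1
    flagged = {}
    for sku, s in stats.items():
        if s["holds"] < min_holds:
            continue  # too few holds to judge this product
        ratio = s["expired"] / s["holds"]
        if ratio >= min_expired_ratio:
            flagged[sku] = {"holds": s["holds"], "expired_ratio": round(ratio, 2),
                            "distinct_ips": len(s["ips"])}
    return flagged
```

A flagged product is a candidate for a shorter hold time or for requiring an order step sooner, which are the limits the post itself recommends.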
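For the login attempts described under "Manipulation of other people's credentials", where many bots each try leaked logins and passwords, this added example (not part of the original post) flags time windows in which failures are numerous and spread across many accounts, even though no single address makes more than a couple of attempts. The log format, usernames and thresholds are assumptions.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed login log (not real data): (second, client_ip, username, success)."""
    # 30 failures in one minute: 15 addresses, 2 attempts each, a new username every time.
    log = [(t * 2, f"203.0.113.{t % 15 + 1}", f"user{t:03d}", False) for t in range(30)]
    log += [(5, "198.51.100.4", "alice", True), (31, "198.51.100.9", "bob", True),
            (70, "198.51.100.4", "carol", False), (75, "198.51.100.4", "carol", True),
            (90, "198.51.100.12", "dave", True)]
    return log

def suspicious_windows(log, window=60, min_failures=20, min_fail_ratio=0.8,
                       min_user_spread=0.9):
    """Flag time windows whose failed logins are numerous and spread over many accounts."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in log:
        buckets[ts // window * window].append((ip, user, ok))
    alerts = []
    for start in sorted(buckets):
        rows = buckets[start]
        failed = [(ip, user) for ip, user, ok in rows if not ok]
        if len(failed) < min_failures or len(failed) / len(rows) < min_fail_ratio:
            continue
        users = {user for _, user in failed}
        per_ip = Counter(ip for ip, _ in failed)
        # Replaying a leaked list touches each account about once, so users ~= failures.
        if len(users) / len(failed) >= min_user_spread:
            alerts.append({"start": start, "failures": len(failed),
                           "distinct_users": len(users), "source_ips": len(per_ip),
                           "max_failures_per_ip": max(per_ip.values())})
    return alerts
```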
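For "1. Interpret incoming data correctly", which recommends tracking the speed of clicks and page transitions and notes that bots act uniformly and without hesitation, this added example (not part of the original post) scores sessions on pacing speed, pacing uniformity and time to first add-to-cart. Event names and thresholds are assumptions.

```python
from statistics import mean, median, pstdev

# Constructed sample (not real data): (session_id, seconds since session start, event).
EVENTS = [
    ("s-human", 0.0, "view_category"), ("s-human", 6.8, "view_product"),
    ("s-human", 19.4, "select_option"), ("s-human", 23.1, "close_popup"),
    ("s-human", 41.7, "add_to_cart"),
    ("s-bot", 0.0, "view_product"), ("s-bot", 0.31, "select_option"),
    ("s-bot", 0.62, "add_to_cart"), ("s-bot", 0.93, "view_product"),
    ("s-bot", 1.24, "add_to_cart"),
]

def session_features(events):
    """Group events by session and compute inter-event timing features."""
    by_session = {}
    for sid, ts, name in events:
        by_session.setdefault(sid, []).append((ts, name))
    features = {}
    for sid, rows in by_session.items():
        rows.sort()
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        if len(gaps) < 3:  # too little evidence to judge
            continue
        avg = mean(gaps)
        features[sid] = {
            "median_gap": median(gaps),
            # Coefficient of variation: 0 means perfectly uniform pacing.
            "cv": pstdev(gaps) / avg if avg else 0.0,
            "first_cart": next((ts for ts, n in rows if n == "add_to_cart"), None),
        }
    return features

def flag_sessions(events, max_median_gap=1.0, max_cv=0.15, min_time_to_cart=3.0):
    """Return {session_id: [reasons]} for sessions showing at least two bot-like signals."""
    flagged = {}
    for sid, f in session_features(events).items():
        reasons = []
        if f["median_gap"] < max_median_gap:
            reasons.append("fast")
        if f["cv"] < max_cv:
            reasons.append("uniform")
        if f["first_cart"] is not None and f["first_cart"] < min_time_to_cart:
            reasons.append("instant_cart")
        if len(reasons) >= 2:
            flagged[sid] = reasons
    return flagged
```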