Press enter to see results or esc to cancel.

What are bots?

Photo by Bernard Hermant on Unsplash

Here’s the thing: If you thought that all the visitors coming to your website are regular people just browsing on the internet – you’re wrong. In reality, a significant portion of the visitors on your site aren’t even human at all!

Confused? Don’t worry – We’ve broken it down for you in this article!

Besides the web traffic generated by real people browsing the internet, there is also non-human traffic that visits websites or apps that we call bot traffic. The chances are that you already heard about “bots” and it had a negative connotation attached to it. What most people don’t know is that bot traffic is not “bad” in itself. A bot is just a software program. Whether it is considered “good or bad” actually depends on what the bot is programmed to do.

Good bot traffic is usually beneficial to your website, because this is what search engines use to find your site – think Google, Yahoo or Bing, and digital assistants, like Siri, Alexa or Google Assistant.

Bad bot traffic, on the other hand, can be used in malicious ways and is often implemented as the first-wave of an attack, to check for and create additional vulnerabilities on targeted sites. Moreover, ad fraud, inventory denial, credential cracking and data scraping, are just a few examples of what bad bots are capable of.

Bad bot traffic is a rapid-growing phenomenon across the internet. In 2021 bad bot attacks accounted for approximately 20% of all internet traffic worldwide and there was a 15% increase in cybercrime and data breaches during the same period.

To help you identify the most common bot activity that can threaten your business, we created a simple handbook that outlines typical symptoms of bot interference and the associated business risks:

1. Scalper Bot

  • Risk Level: Medium
  • Business Threat Level: Medium
  • Keywords: Grinch bot, Bulk purchase, Purchase automation, Purchase bot, Speed-booking, Queue jumping, Sale stampede, Secondary ticketing, Ticket resale, Ticket scalping, Ticket touting.

A Scalper bot is a bot that buys goods and services in a manner that a normal human user would be unable to undertake manually. A scalper is a piece of software designed to search e-commerce websites for specific items and purchase them, often clearing out inventory. It is especially common during the holiday shopping season, which is why frustrated online shoppers have named it the “Grinch” bot.

Website Symptoms:

  • Accelerating the purchase cycle beyond human capabilities;
  • High peaks of traffic for certain limited availability goods or services;
  • Decrease in the expected number of loyalty program subscriptions;
  • Customer complaints;
  • Increased circulation of limited goods reselling on the secondary market;

eCommerce Risks:

  • Customer frustration;
  • Loss of customer loyalty;
  • Waste of marketing budgets;
  • Inventory planning errors;
  • Reputational losses;

2. Credential Cracker

  • Risk Level: High
  • Business Threat Level: High
  • Keywords: Brute-force, attack against sign-in, Brute forcing log-in credentials, password cracking, Cracking login credentials, Password brute-forcing, Password cracking, Reverse brute force attack, Username cracking, Username enumeration.

A credential cracker identifies valid login credentials by trying different values for usernames and passwords. Such actions are used both for the direct theft of goods and within the framework of various account manipulation schemes. Most of these attacks are carried out with bots, so they can be easily neutralized by blocking malicious bot traffic.

Website Symptoms:

  • Identical account data and delivery address shared across multiple accounts;
  • Data changing simultaneously across multiple accounts;
  • Multiple accounts changing country IP ranges;
  • Quick changes in the user device models ratio;

eCommerce Risks:

  • Direct financial losses;
  • Customer frustration;
  • Loss of control over private data;
  • Loss of customer loyalty;
  • Reputational losses;

3. Ad Fraud

  • Risk Level: High
  • Business Threat Level: High
  • Keywords: Advert fraud, Adware traffic, Click bot, Click fraud, Hit fraud, Impression fraud, Pay per click advertising abuse.

In the context of bad bots, ad fraud represents the automated clicks and fraudulent bot requests for the display of web-placed advertisements. This is used by owners of websites and apps displaying ads, unscrupulous suppliers of advertising solutions or competitors.

For an eCommerce company that is advertising online, one of the most reliable supervisions is distinguishing between human and automated traffic on their own target website. In this case, the data provided by the ad traffic provider must match the human traffic stats collected on the site.

Website Symptoms:

  • Inconsistent visitor behavior patterns, in particular, unusually low number of page views;
  • Higher bounce rate, lower conversion;
  • Peaks in impressions and clicks;

eCommerce Risks:

  • Loss of advertising and marketing budgets spent in vain;
  • Distortion of statistics and analytical data leading to marketing and planning errors;

4. Spam Bot

  • Risk Level: High
  • Business Threat Level: Medium
  • Keywords: Fake feedback, Fake reviews, Ranking manipulation, Click-bait, Comment spam, Content spam, Content spoofing, Fake news, Form spam, Forum spam, Guestbook spam, Referrer spam, Review spam, SEO spam, Spambot.

A Spam Bot is a piece of software aimed to spread malicious or questionable information in public or private content, databases, or user messages. This threat exists on all eCommerce sites that support any kind of user feedback, including ratings and reviews.

Typically, the scheme is based on automated bulk account creation. It aims to manipulate customer behavior and /or statistics used by a website. Such attack is always carried out using automated tools and can be neutralized by the utilization of bot traffic detection and blocking solutions.

Website Symptoms

  • Growth in the number of ratings and reviews in comparison with the purchases dynamics;
  • Inconsistent timing of ratings and reviews in comparison with the purchases dynamics;
  • Repetitive wording and other conspicuous linguistic symptoms;
  • Increased automated account creation;

eCommerce Risks

  • Fake feedback on goods and services leads to unpredictable manipulation of real user behavior;
  • Distortion of analytics leading to marketing mistakes;
  • Difficulties in real user site navigation;

5. Scraper

  • Risk Level: High
  • Business Threat Level: Medium
  • Keywords: Web harvesting, API provisioning, Bargain hunting, Comparative shopping, Content scraping, Data aggregation, Database scraping, Farming, Harvesting, Meta search scraper, Mining, Mirroring, Pagejacking, Powering, APIs Ripping, Scraper bot, Screen scraping.

A Scraper is a bot that collects web application content and other data for use elsewhere. This is extremely hard to detect and is commonly used by competitors to monitor prices (especially in a dynamic pricing environment), product availability, ratings, and inventory.

This is usually done by bots, so this type of activity can be prevented by blocking this kind of malicious automated traffic.

Website Symptoms:

  • Signs of an atypical visitor behavior;
  • Significant increase in the depth of site browsing;
  • Increase in the average number of viewed products;
  • Fast adaptation of prices on competitive sites to changes in prices on the target website;

eCommerce Risks:

  • Notable parasitic server and traffic load;
  • Competitive monitoring;
  • Distortion of statistics and analytic data;
  • Hacking dynamic pricing systems typically leading to direct financial losses;
  • Often used in preparing focused attacks;

6. Denial of Inventory

  • Risk Level: Low
  • Business Threat Level: High
  • Keywords: Inventory hoarding, Phantom ordering.

A denial of inventory attack is performed by a bot depleting the stock of goods or services without ever completing the purchase or committing to the transaction.

Such an attack is almost always carried out using automatic means, so the main method of defense is to reliably distinguish between human and machine-generated traffic.

Website Symptoms:

  • Increased stock held in baskets, carts, or reservations;
  • Elevated cart abandonment;
  • Reduced % of payments;
  • Inventory balances reduce quickly;

eCommerce Risks

  • Normal buyers lose access to the goods and services;
  • Revenue losses;
  • Customer frustration;
  • Disruption of inventory operations;
  • A sharp increase in the website load;