How Freebie Bots Turn Scalping on its Head to Rip Off Retailers

For years Netacea has been reporting on the evolving scalper bot landscape. From the early days of sneaker bots, through to hobbyists snatching PlayStation 5 consoles and even vaccine appointments throughout the pandemic, we’ve closely monitored what items scalpers target.

Now, a whole new breed of scalper bot has emerged – one that exploits discounts and pricing errors instead of exclusive hype drops, costing retailers hundreds of thousands in lost inventory. Welcome to the age of the freebie bot.

What is a freebie bot?

Freebie bots are a type of scalper bot that target discounted or mispriced items.

The difference between a “traditional” scalper bot and a freebie bot is scalper bots target high-demand products, or hype drops, with the intention of reselling them at a higher price for profit, taking advantage of limited supply and high demand. Commonly scalped items include concert tickets, consumer electronics, and sneakers. For example, during the pandemic scalpers were buying PlayStation 5 consoles for $450 then reselling them at $1,000.

Freebie bots turn this model on its head, purchasing items at a heavily reduced price – or even for free – often taking advantage of website errors or flash sales. Their users then resell these items at (or close to) their normal retail price, making a profit in the process.

Popular freebie bots include Refract, Freebie Frenzy, Frozen Freebies, Origin and Alloy.

How do freebie bots work?

Like scalper or sneaker bots, freebie bots first scrape retail sites as part of the reconnaissance attack phase. Unlike other bots, though, freebie bots aren’t looking for the exact moment a specific product becomes available. Their search extends to any product that drops below a certain discount threshold, for example 80% below its regular price, or below a certain overall value. Otherwise, they might be programmed to only buy items that are listed as free.

Freebie bot users then sell these free or discounted items at their usual full price on platforms like eBay, Facebook Marketplace, and other general resale sites. Some people may even sell their items locally through garage sales.

Hear more about freebie bots on the Cybersecurity Sessions podcast

How did freebie bots become popular?

Scalping and reselling items like PlayStation 5 consoles and graphics cards became a popular side-hustle during the pandemic when many were stuck at home or unable to work. Experienced bot developers, who had spent years copping rare trainers with increasingly sophisticated bots, took advantage of this craze and started selling or renting out their bots, making the practice accessible even to novices.

Once the pandemic was in the past and PlayStations were easily accessible, botters needed a fresh source of easy income. Enter the freebie bot.

The advantage of freebie bots is that their users can make money from pretty much anything that’s selling at a discount or listed for free in error without having to research, prepare and compete for hype drop items. This makes the products they purchase wide-ranging and unpredictable.

Many of these are low value items that can easily be sold in bulk, like water bottles, supplements, and phone chargers. But freebie bots also commonly snag higher value items at a heavy discount, such as vacuum cleaners, projectors and drones.

One such freebie bot lists the items its users have copped along with the RRP and how many each user managed to buy.

This freebie bot provides a feed of items its users have scalped for free on their website.

Why might items be listed as free or heavily discounted by retailers?

There are many legitimate reasons a retailer might heavily discount products, such as a special promotion to attract new customers, seasonal sales like Black Friday, or to clear shelf or warehouse space for new product lines.

Occasionally items will be priced as “free” in error. The product page may be meant as a placeholder and accidentally published with the wrong price, or not actually listed on the product directory, yet still visible to the scraping tools used within the freebie bot platform. Bots scrape APIs to find hidden products and programmatically complete the checkout process.

By the time the error has been corrected, the items will have already been shipped by automated distribution systems. Incidents like this can cost businesses hundreds of thousands of dollars in lost inventory.

Listing items as “free” is also a tactic sellers sometimes use to boost their listings above other products on marketplaces like Amazon. They make a portion of their inventory free, knowing freebie bots will automatically buy them very rapidly, making the product appear to be very popular. This pushes the item to the top of search results and product lists, at which point the seller bumps the price up above its RRP by 12-15% on the remaining stock to make an overall profit.

Is using freebie bots legal and ethical?

The legality of using freebie bots is currently a gray area. While there are no specific laws prohibiting their use, there are ethical concerns surrounding purchasing mispriced items.

In some cases, it may be against the terms of service of the specific retailer to make automated purchases on their platform, but this will simply lead to the offending account being banned; bot operators are experts at generating many fresh accounts to use, however.

Customers might also be frustrated at being unable to take advantage of discounts because of bots swooping in and exhausting the whole inventory of that item.

The automated actions of freebie bots also skew metrics and analytics, making items appear more popular than they really are. This can cause eCommerce leaders to make misinformed decisions further down the line.

How can retailers protect their websites from freebie bots?

As with any bot attack, the first step of building a defense is to inspect the freebie bot “kill chain” – or the sequence of events that make up an attack. We can then put in defenses to stop attacks at each stage.

One of the earliest signs of a freebie bot attack is continuous product scraping. This could target website pages, mobile app screens or even product listing APIs. A sustained pattern of crawling could indicate price scraping as bots look for discounted items, or sudden changes in price.

The other obvious attack path is the checkout, as bots automatically buy the discounted items they’ve uncovered. As this can happen within a split second, bot prevention tools must react just as quickly to intervene, without interfering with genuine customer purchases.

Netacea’s approach to stopping freebie bots

At Netacea, our bot protection engine uses machine learning models trained on past freebie bot activity to detect future attacks across websites, mobile apps and APIs. We also use anomaly detection algorithms to group together suspicious web requests based on normal visitor behaviors. Our bot mitigation service then reacts automatically to immediately stop these requests.

We also analyze the data we collect to help our data scientists improve and develop new techniques for detecting bot activity.

Prevent stock losses and freebie theft with automatic, intelligent bot protection from Netacea. Book a demo now.