Top 5 Bad Bots of 2023

Around half of all internet traffic is generated by bots – some of those bots are good and some are bad.

In fact, roughly 26% of bot traffic is bad and a threat to businesses and consumers alike, with bots created to scrape data, disrupt the ordinary running of service and performing a range of fraudulent activities. It’s malicious bot activity such as this that leaves brand reputations in tatters, customers frustrated and increasingly, large organisations significantly out of pocket as they respond to the fall out of a bot attack.

1. Sneaker bots

Sneaker bots do what they say on the tin – they are used to buy sneakers. Sneaker bots vary in complexity, with many built to auto-cart and buy limited edition sneakers within seconds of their release.

From an attacker’s perspective, bots prove much more effective than trying to manually check-out. Precious seconds are saved simply by storing card details and addresses within the bot, so there’s no requirement to type out the information. Not only does this annoy many “sneakerheads”, but it leaves retailers open to scrutiny with suggestions that they aren’t doing enough to stop bots.

To find out more about sneaker bots in our four-part blog series.

2. Scrapers & spiders

Not all scrapers are a nuisance to businesses, GoogleBot being a prime example. As a search engine, Google finds and indexes content according to relevance and quality; achieving the number one spot in the search engine results pages (SERPs) is every organization’s dream.

However, many scrapers are created with less than ethical intent. They farm content to be repurposed, reposted and resold; this is known as content theft. Scrapers also scrape prices listed on websites. This technique is commonly used in eCommerce, with competitors targeting items that will allow them to undercut their rivals and increase their profits.

Learn more about the web scraping threat to businesses.

3. Gift card bots

Gift Card Bots are constantly evolving and are rapidly becoming a major issue within the retail sector.

Many retailers partake in gift card processing online and are subsequently becoming attractive attack targets. Gift card bots such as GiftGhostBot, generate and enter potential gift card numbers into different sites to identify successful combinations; GiftGhostBot claims to be able to test up to 1.7m combinations within an hour of being deployed. One retailer has reported peaks of over four million requests within an hour, which is almost 10 times their expected traffic levels.

4. Click and ad fraud bots

Pay-per-click (PPC) advertisement is a major form of promotion for businesses seeking to get a product or service into the market. For example, Google Ads average a PPC cost of between £0.66 and £1.32 however, prices can vary depending on the industry, budget, network and end goal.

Click and ad fraud bots take advantage of these tools by repeatedly ‘clicking’ and generating payments per click, running up a hefty bill for the advertisement owner. On average, $6bn of $300bn in ad-click-costs are fraudulent, and app installs are considered the most lucrative method.

Uber and Facebook have taken out lawsuits against alleged fraudsters but with little success, due to not being able to ‘sue a bot’.

Discover more about click fraud and ad fraud.

5. Denial of inventory bots

Bots make up a large portion (up to 97%) of total internet traffic during the busy festive shopping period.

Consumers head online to avoid the in-store rush, unaware that a much bigger threat may be present. Seemingly unmissable Black Friday and Cyber Monday deals make online shopping irresistible, yet the increase in eCommerce consumer activity has also resulted in the vast quantity of bot traffic we see today.

If you were unable to bag that gift you wanted this Christmas, it’s possible that you were competing with a denial of inventory bot, suitably nicknamed the Grinch Bot or Jingle Bot. These less than jolly bots add stock to baskets making it unavailable to genuine shoppers. Some of the bots were built to direct customers elsewhere, and other to resell the products on third party sites. Both the Grinch Bot and Jingle Bot operate similarly to sneaker bots and as a result, retailers saw a much higher level of cart abandonments over the 2019 holiday period.

The festive season is an opportunity for bad bots to hide their malicious activity in the already large volume of traffic to sites however, eCommerce sites are hit by bots all year round.

Learn more about denial of inventory.

Protect against bad bots with Netacea

If you’re looking to adopt an all-new bot mitigation strategy in 2024, talk to the bot management experts at Netacea and find out how we can mitigate the bad bot threat to your business today.