We now live in an online-first world, accelerated by the events of the pandemic in 2020. Fraudsters have taken advantage of these conditions, using automated bot attacks to prey on businesses and consumers.
To quantify the devastating financial impact bots are having on businesses of all types, Netacea surveyed 440 businesses from across the USA and UK. Read the full results in our report: What Are Bots Costing Your Business?
Last week, we took a closer look at the financial damage bots are causing gaming and betting businesses in the US and UK. This week, we’re focused on an industry that is constantly in the sights of malicious bot traffic: travel and tourism.
Almost all travel sites are affected by bots
Shockingly, 96% of travel companies we surveyed stated their website had been attacked by bots over the last year, shedding light on just how widespread the issue of bad bots is on this industry.
Travel sites reported significant impact from two main types of attacks facilitated by malicious bots. 53% of the travel companies we surveyed stated they have been attacked by account takeover bots, whilst 29% said they were attacked by scraper bots.
Account takeover attacks in the travel industry
Account takeover is one of the costliest types of attack, accounting for significant amounts of fraud in the travel industry. This takes the form of loyalty point theft and booking fraud, impacting both businesses and their customers directly.
A common account takeover tactic is credential stuffing, where a barrage of bots will try to brute force their way into user accounts. This can be done by validating stolen credentials harvested from data leaks and dark web exchanges, or by using a common password list to repeatedly attempt to gain access. This aggressive bot activity adds substantial load to infrastructure, ramping up the cost to the business for no commercial benefit.
Once an account is validated, bad actors can access loyalty points and flyer miles, many of which have been building up as a result of reduced flights taking place over the course of the pandemic. Points are then resold, with $2,000 worth of loyalty points selling for around $700 on the dark web. There are even criminal travel agencies on the dark web that can drive down prices for holidays by using stolen loyalty points.
In our survey, 43% of travel companies estimated that 6-10% of loyalty points were stolen from their customers in the last 12 months, and 69% said 3-5% of their online revenue was lost to account takeover attacks. 75% agreed that such attacks had damaged customer satisfaction, and 77% had lost business as a result, proving the cost of bots goes way beyond financial damage.
The impact of scraper bots on travel businesses
Price scraping is a very common practice in the travel industry, sometimes for positive or benign reasons like sharing prices with partners, but sometimes for malicious purposes. If price information is scraped by unauthorized parties, this can steal away customer traffic from the primary seller site and strip away their opportunity to cross sell or upsell hotels, hire cars and insurance, for example.
Regardless of the purpose of scraper bots, any queries they generate must be passed through the global distribution system (GDS), at a cost for each request. When a significant proportion of requests are non-human, this represents a considerable unwanted cost to serve non-revenue-generating traffic.
Scraper bots also impact the look-to-book ratio of travel sites. Excessive scraping activity bumps up prices by as much as 15%, which can be devastating to price-sensitive online travel agents. This not only impacts finances directly through price sniping and the increased cost to infrastructure just to serve these requests, but also the reputation of affected travel businesses, who lose control of their sales channel with customers.
In our survey, 41% of travel companies believed they had been affected financially by scraper bots, costing them up to 4% of their online revenue last year. 76% said scrapers were damaging their customer satisfaction rates, and 69% agreed they’d lost customers as a direct result of scraper bots.
Next generation bot management from Netacea
Bots are growing not just in aggressiveness, but also in sophistication. They undertake their attacks disguised as human users, bypassing many traditional defenses to take advantage of travel companies across the globe.
Netacea uses machine learning to combat this new wave of bot threats, analyzing the intent of every visitor to root out and block malicious bots in real time. The result is fast, powerful bot mitigation that saves on infrastructure costs whilst preventing attacks like account takeover and scraping.
Learn more about the financial impact of bots on businesses in our full report, or register to watch our upcoming webinar: What Are Bots Costing Your Business?
website being exploited by bots?
- What are bots costing gaming and betting companies?
- What are bots costing businesses in 2021?
- Why bots are a growing problem for online ticket sales