Network Security, Content, Content, Content

“Freebie Bots” Plague Online Holiday Shoppers, Reports Bot Defender Kasada

Hacking red and blue digital binary code matrix 01 background. Hacker, dark web, matrix, Digital data code in safety security technology concept. 3D rendering

Hacking red and blue digital binary code matrix 01 background. Hacker, dark web, matrix, Digital data code in safety security technology concept. 3D rendering

Holiday shoppers be warned, tis the season for “freebie bots,” warns Kasada, a bot defense specialist.

Freebie bots are used to automatically scan retail websites for mispriced goods and services and purchase them at scale before the error is fixed, Kasada explained in a prepared statement.

In fact, Kasada reports that it found more than 250 retail companies were recently targeted by freebie bots, with more than million messages being sent monthly in freebie communities. Members within one popular freebie community used freebie bots to purchase nearly 100,000 products in a single month, at a combined retail value of $3.4 million, according to Kasada.

Beware of Misplaced Decimal Points

Kasada’s research reveals that the total cost of the goods for freebie bot users was only $882, helping some individuals to realize a monthly profit of over $100,000. The top items purchased using freebie bots during this time period included off-brand sleeveless halter neck mini dresses, Apple MacBook Air laptop and deep cleansing facial masks.

Many pricing errors were a result of decimal point misplacement, granting discounts as large as 99%, Kasada found. Using the speed and scale of a bot attack to rapidly purchase as much stock of these erroneously priced goods as possible, cyber crooks then turn around and resell the goods for a large profit.

Sam Crowther, Kasada founder and CEO, issued a warning to consumers:

“Retailers are already facing pressures this holiday season due to inflation and the annual recurrence of Grinch bots. Adding freebie bots to the mix gives retailers another headache to deal with, one that directly hits their revenues, as they’re compelled to fulfill orders made with pricing errors.”

Bots Cost Retailers and Consumers Alike

In addition to impacting a retailer’s inventory, revenue and brand, freebie bots also increase infrastructure expenses, Kasada noted. These bots enable tens of thousands of users to automatically issue requests across an entire product catalog in parallel — and do so every couple of seconds or less.

Kasada adds that retailers, at great cost, need to maintain a strong site architecture in order to handle this demand without crashing or becoming unavailable to regular shoppers.

Crowther explained that preventing freebie bots from gaining access in the first place would help to lower these costs:

“It has become very easy for anyone to purchase and utilize a bot and increasingly difficult for retailers to identify and stop them. Online shoppers can receive hundreds of thousands of dollars of goods for essentially nothing, realizing a massive profit after resale. Combined with the growing infrastructure costs needed to support bot-driven traffic, these attacks quickly impact a retailer’s balance sheet.”

More Bot Research From Kasada

In another recent report covered by MSSP Alert, Kasada found that revenue loss from bot-driven account fraud and web scraping continues to skyrocket. This sobering news comes despite companies spending more on bot mitigation solutions every year, according to Kasada’s 2022 State of Bot Mitigation Report.

The report is based on the findings of organizations that are already using anti-bot solutions and compares results against last year’s report.

Key findings from the 2022 State of Bot Mitigation Report include:

  • 69% of companies that have a bot management solution report losing more than 6% of their revenue due to account fraud this year, up from 64% in 2021.
    • 40% of companies lost 10% of revenue or more, a major increase from 2021 when only 5% reported that level of revenue loss.
    • Account fraud includes account takeovers and new account fraud, where fraudsters create fake accounts to gain access to loyalty programs and take advantage of promotional discounts.
    • 83% of companies say that bots are becoming more sophisticated and difficult for their security tools to detect. This amount increased from 2021s 80%.
    • 62% of companies have spent more than $500,000 fighting bots within the past 12 months. This is a 14-point increase from 2021, when only 48% were spending more than $500K.
      • 21% of companies have spent $2.5 million or more fighting bots this year.
      • 85% of companies expect to spend even more on bot mitigation in the next year, increasing from last year when only 63% reported that they planned to spend more.

        • An In-Depth Guide to Network Security

        Get essential knowledge and practical strategies to fortify your network security.
        Jim Masters

        Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.

        Related

        Related Terms

        Address Resolution Protocol (ARP)BroadcastBroadcast AddressCache PoisoningCall Admission Control (CAC)CellDecapsulationDemilitarized Zone (DMZ)Domain NameDomain Name System (DNS)

        You can skip this ad in 5 seconds

        Cookies

        This website uses cookies to improve your experience, provide social media features and deliver advertising offers that are relevant to you.

        If you continue without changing your settings, you consent to our use of cookies in accordance with our privacy policy. You may disable cookies.