What do humans and bots have in common? A love for visiting online shopping sites: more than half (57%) of all attacks on retail websites in 2021 were carried out by bots, compared to 33% for all other industries. It gets worse: a third of all log-in attempts on retail eCommerce websites are account takeover attempts.
New research by Imperva shows that, as the pandemic has pushed more people than ever towards online shopping, cybercriminals are enjoying an unprecedented boom: user account takeover, credit card fraud, inventory abuse by scalpers, and price and content scraping by competitors and third parties have all received a boost from the ever-increasing number of user accounts.
User account takeover (ATO) by bots is particularly damaging: in this form of identity theft, cybercriminals take over legitimate user accounts to commit fraud or steal credit card information, gift card balances, loyalty points or other customer benefits. Imperva Research Labs has found that online retailers experience a higher volume of takeover logins than other sectors. Indeed, as the Imperva Bad Bot Report 2021 outlined, many automated attacks are unique to the online retail industry.
Enter the Grinchbots
Last holiday season saw the emergence of “Grinchbots” designed to exploit scant supplies to scalp and hoard high-demand items. As the ongoing global shortage of semiconductor chips impacted everything from gaming consoles to cars, Imperva Research Labs recorded a massive 788% increase in bad bot traffic to retail websites globally between September and October 2020.
During the early days of the pandemic, Imperva Research Labs noticed that bots were being used to hoard large inventories of face masks, sanitizers, and even home gym equipment. By the second half of October 2020, the gaming hardware market was aggressively targeted by bad bots, a trend that, like the chip shortage, looks set to continue well into 2022. In this environment, a bot management strategy is essential for retailers to reduce the risk of malicious bot traffic.
Trickier to detect, harder to handle
Moderate and advanced bad bots now account for 65.6% of bad bot traffic on eCommerce sites. The former emulate browser technology and can execute JavaScript, while the latter mimic human behavior such as mouse clicks and are extremely evasive. These bots are difficult to detect and handle: they cycle through IP addresses and use a mix of technologies to evade detection.
Address the challenge head-on
Whether it’s the holiday season or the pandemic, online shopping is continuing to grow. It’s understandable that a lot of cybersecurity awareness-building focuses on consumers. As this report indicates, however, there is scope for improvement on the retailer side of the equation, too. By adopting a proactive approach, retailers can make enhanced security part of their customer value proposition: unintentionally giving customers more than they bargained for, in the form of identity theft or fraud on their accounts, is always bad for business.
To learn more about how retailers can mitigate cyber threats and protect sensitive data, download The State of Security within eCommerce in 2021.