The days are getting chilly, holiday drinks are back on the menu at your favorite café and family gatherings are planned. In an almost Pavlovian response, Grinchbots have also returned at record levels to ruin your online holiday shopping experience.
In the State of Security Within eCommerce in 2021, Imperva Research Labs predicted that bad bots would be a disruptive force again this holiday season as demand for limited-quantity items grew and more shoppers were online. And sure enough, they did just that.
What is a Grinchbot?
A close relative of Ticket Bots and Sneaker Bots, Grinchbots are part of the notorious scalping bots family. These sophisticated bots use automation to acquire high-demand, limited-quantity items, gaining a significant advantage over legitimate users. What differentiates them is their love (or shall we say hatred?) for the holiday season. The bot operators target the holiday shopping season and the sales events and limited product launches associated with it. These computer programs, run by very real humans, are designed to automatically query online inventories and purchase desired goods. Because the automation is faster and more efficient than a human, legitimate human users don’t stand a chance at getting their hands on the latest, most desired commodities.
But why, you may ask? For the profit, of course. Grinchbots purchase these items for the sole purpose of their operators immediately reselling them elsewhere at a significant premium. Just looking up the price of a new gaming console or GPU on an online marketplace reveals how substantial the profits are.
Bot traffic on retail sites hits a six-month high during Cyber Monday week
According to Imperva Research Labs, advanced bot traffic sessions on retail sites in November 2021 grew nearly 73% over the previous month, indicating that many bot operators increased their efforts as the Singles Day, Black Friday and Cyber Monday eCommerce holidays came and went.
Analyzing the data by sessions produces insights that are noticeably more meaningful than analyzing single requests. One session consists of a group of bot requests all originating from the same source – a more accurate sign of malicious activity than a single bot request. Imperva Research Labs observed a spike in bot traffic during the week of Cyber Monday this year, with traffic growing 8% over the week of Thanksgiving and Black Friday. Of all the attacks monitored in November, 27% were carried out by advanced bots, compared to 23% in November 2020.
A breakdown of daily traffic during the month of November reveals peaks in bot traffic sessions during Black Friday and Cyber Monday. Most notably, traffic spiked 48% between Thanksgiving Day and Black Friday.
Legal efforts struggle to keep up
Amid the rising levels of bot traffic this holiday season, the US Congress introduced the Stopping Grinchbots Act in an effort to curb the growing challenge that threatens millions of online shoppers. “Our Grinch Bots Act works to level the playing field and prevent scalpers from sucking hard-working parents dry this holiday season,” said Rep. Paul Tonko of New York. Whether or not this bill will lead to any form of legislation remains to be seen. Even if it does, enforcing the law on a borderless internet will be challenging. As it stands, online retailers must fend for themselves and ensure that they properly manage bad bot traffic.
Ensure your human customers have a fair chance
Imperva Advanced Bot Protection safeguards your online store from bad bots like Grinchbots that abuse business logic to gain an unfair advantage over legitimate human customers. Most importantly, it does so without getting in the way of those customers, preserving customer experience and ensuring business continuity. Advanced Bot Protection is capable of mitigating all OWASP automated threats including scalping, account takeover, web scraping and more. With the ability to protect websites, mobile applications and APIs, Advanced Bot Protection has all of your access points covered.
Advanced Bot Protection is a part of the Imperva Web Application & API Protection solution. Start your Application Security Free Trial today to protect your assets from Grinchbots and other automated threats.