Senior Product Manager, Imperva
Imagine if you and nine million other people were trying to enter a store, attend a basketball game, or purchase a plane ticket all at once. Such an overwhelming experience might make you give up on the task entirely.
This is the reality for many online businesses whose websites and applications are flooded by automated bad bots. These malicious software programs, run by criminal bot operators, work around the clock and are responsible for online fraud at incredible volumes. In 2021, over 42% of all web traffic wasn’t human. As a result, organizations experienced higher infrastructure and support costs as they struggled to stop bots and reduce customer churn due to frustrating online experiences.
Building a strategy to mitigate bad bot traffic, and potential disruptions, starts by looking at the calendar. Exciting and important world events create a frenzy of online traffic, and like flies to honey, malicious bad bot operators are drawn to the opportunity. Anticipating these events will allow businesses to take a proactive and successful approach.
When Will Bad Bots Strike Next?
Below are three upcoming events that we predict will attract bad bots in droves in the last few months of 2022.
1. The holiday shopping season: We can expect to see a record volume of bad bots swarming retailers’ sites in 2022. Known as “Grinch bots,” these automated scripts buy up the hottest gifts of the season and make it nearly impossible for the average consumer to purchase them through a retailer’s site. Nefarious actors then resell the goods off-market for an extreme profit.
With the holiday shopping season starting earlier than ever – in 2021, 27% of consumers started purchasing gifts in September, and Salesforce research predicts 42% of shoppers started even earlier this year – retailers should expect to see the negative impact of bots throughout the remainder of the year. Online retailers can prepare for Grinch bot activity in advance by limiting the quantity of items available to purchase by a single shopper.
2. Major sporting events: Millions of users will flock to online betting sites in the coming months to place their wagers on major sporting events, from the American football season to world soccer tournaments. Account takeover is a major risk for online betting platforms, driven by the opportunity to steal funds and compromise users’ payment information.
Furthermore, one in ten gambling sites experienced a distributed denial-of-service (DDoS) attack during the 2022 Wimbledon tournament, causing widespread chaos as authentic users were blocked from their favorite betting sites. This trend is projected to repeat itself in the next few months.
3. Thanksgiving travel: Some of the largest travel events occur in the last quarter of the year. In 2021, over 20 million people flew through US airports during the Thanksgiving period. An uptick in online travel booking creates a perfect storm for bad bots. Price-scraping bad bots, or programs that execute illegal competitive price monitoring, can skew look-to-book ratios, increase transaction costs, and cause site slowdowns and downtime. This activity makes it harder (and more frustrating) for authentic, human customers to complete their reservations.
Bot operators are turning to machine learning and natural language processing (NLP) to make bots more sophisticated, compounding the challenge for vulnerable businesses. The most advanced bots now have the ability to mimic human behavior and even evade traditional cybersecurity tools.
Organizations aren’t defenseless against bad bots. By identifying milestone events that could lure bots to their websites, they can take proactive action before downtime occurs or costly damage control is needed after an incident.
Further, organizations can take preventative steps including performing site audits to identify vulnerabilities, protecting exposed APIs and mobile apps, blocking access from outdated browser versions and bulk IP data centers, implementing rigorous traffic evaluation and monitoring processes, and deploying bot management solutions.
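As an added illustration (not code from the article or from Imperva), the sketch below applies two of the steps named above, flagging outdated browser versions and data-center source addresses, to web access log lines. The minimum versions, the network ranges, and the sample log lines are all constructed assumptions.

```python
import ipaddress
import re

# Assumed policy values, not from the article: oldest major version still accepted.
MIN_MAJOR = {"Chrome": 100, "Firefox": 100}
# Constructed "data center" ranges (RFC 5737 documentation networks).
DATACENTER_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
UA_RE = re.compile(r"\b(Chrome|Firefox)/(\d+)")

def evaluate(line):
    """Return (ip, reasons) for one log line, or None if it cannot be parsed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None
    reasons = []
    if any(ip in net for net in DATACENTER_NETS):
        reasons.append("datacenter_ip")
    # The User-Agent is client-supplied, so treat this as a coarse signal only.
    ua = UA_RE.search(m["ua"])
    if ua and int(ua[2]) < MIN_MAJOR[ua[1]]:
        reasons.append("outdated_browser")
    return m["ip"], reasons

def triage(lines):
    """Map each flagged client IP to the sorted set of reasons seen for it."""
    flagged = {}
    for line in lines:
        result = evaluate(line)
        if result and result[1]:
            flagged.setdefault(result[0], set()).update(result[1])
    return {ip: sorted(r) for ip, r in flagged.items()}

SAMPLE_LOG = [  # constructed lines, not real traffic
    '192.0.2.10 - - [21/Nov/2022:10:00:01 +0000] "GET /product/42 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"',
    '203.0.113.7 - - [21/Nov/2022:10:00:02 +0000] "POST /cart/add HTTP/1.1" 200 87 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36"',
    '198.51.100.23 - - [21/Nov/2022:10:00:03 +0000] "GET /price?sku=42 HTTP/1.1" 200 64 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"',
]

if __name__ == "__main__":
    for ip, reasons in triage(SAMPLE_LOG).items():
        print(ip, reasons)
```

In practice the flagged reasons would feed a challenge or rate-limit decision rather than an outright block, since legitimate users can also arrive through hosted networks.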
The next few months are a critical revenue-generating period, and business leaders cannot afford to let bad bots run amok. With a proactive approach, organizations can stay one step ahead of bad bots.