by Jim Masters • Nov 22, 2022
Holiday shoppers be warned, tis the season for “freebie bots,” warns Kasada, a bot defense specialist.
Freebie bots are used to automatically scan retail websites for mispriced goods and services and purchase them at scale before the error is fixed, Kasada explained in a prepared statement.
In fact, Kasada reports that it found more than 250 retail companies were recently targeted by freebie bots, with more than million messages being sent monthly in freebie communities. Members within one popular freebie community used freebie bots to purchase nearly 100,000 products in a single month, at a combined retail value of $3.4 million, according to Kasada.
Beware of Misplaced Decimal Points
Kasada’s research reveals that the total cost of the goods for freebie bot users was only $882, helping some individuals to realize a monthly profit of over $100,000. The top items purchased using freebie bots during this time period included off-brand sleeveless halter neck mini dresses, Apple MacBook Air laptop and deep cleansing facial masks.
Many pricing errors were a result of decimal point misplacement, granting discounts as large as 99%, Kasada found. Using the speed and scale of a bot attack to rapidly purchase as much stock of these erroneously priced goods as possible, cyber crooks then turn around and resell the goods for a large profit.
Sam Crowther, Kasada founder and CEO, issued a warning to consumers:
“Retailers are already facing pressures this holiday season due to inflation and the annual recurrence of Grinch bots. Adding freebie bots to the mix gives retailers another headache to deal with, one that directly hits their revenues, as they’re compelled to fulfill orders made with pricing errors.”
Bots Cost Retailers and Consumers Alike
In addition to impacting a retailer’s inventory, revenue and brand, freebie bots also increase infrastructure expenses, Kasada noted. These bots enable tens of thousands of users to automatically issue requests across an entire product catalog in parallel — and do so every couple of seconds or less.
Kasada adds that retailers, at great cost, need to maintain a strong site architecture in order to handle this demand without crashing or becoming unavailable to regular shoppers.
Crowther explained that preventing freebie bots from gaining access in the first place would help to lower these costs:
“It has become very easy for anyone to purchase and utilize a bot and increasingly difficult for retailers to identify and stop them. Online shoppers can receive hundreds of thousands of dollars of goods for essentially nothing, realizing a massive profit after resale. Combined with the growing infrastructure costs needed to support bot-driven traffic, these attacks quickly impact a retailer’s balance sheet.”
More Bot Research From Kasada
In another recent report covered by MSSP Alert, Kasada found that revenue loss from bot-driven account fraud and web scraping continues to skyrocket. This sobering news comes despite companies spending more on bot mitigation solutions every year, according to Kasada’s 2022 State of Bot Mitigation Report.
The report is based on the findings of organizations that are already using anti-bot solutions and compares results against last year’s report.
Key findings from the 2022 State of Bot Mitigation Report include:
- 69% of companies that have a bot management solution report losing more than 6% of their revenue due to account fraud this year, up from 64% in 2021.
- 40% of companies lost 10% of revenue or more, a major increase from 2021 when only 5% reported that level of revenue loss.
- Account fraud includes account takeovers and new account fraud, where fraudsters create fake accounts to gain access to loyalty programs and take advantage of promotional discounts.
- 83% of companies say that bots are becoming more sophisticated and difficult for their security tools to detect. This amount increased from 2021s 80%.
- 62% of companies have spent more than $500,000 fighting bots within the past 12 months. This is a 14-point increase from 2021, when only 48% were spending more than $500K.
- 21% of companies have spent $2.5 million or more fighting bots this year.
- 85% of companies expect to spend even more on bot mitigation in the next year, increasing from last year when only 63% reported that they planned to spend more.