Bots continue to be a growing concern for fraud professionals because they are a significant delivery vehicle for certain types of fraud. A new report from PerimeterX details the growth of bot attacks and how they relate to fraud types experienced by e-commerce fraud teams.
According to the Automated Fraud Benchmark Report: E-Commerce Edition, bot attacks of all types more than doubled last year (up 106 percent). The use of bots in carding attacks increased from 2020 to 2021 by 111 percent and scraping attacks rose an astonishing 240 percent year-over-year.
“The increase in scraping is not unexpected, but we were surprised by the magnitude of these attacks,” said Liel Strauch, director of cybersecurity research at PerimeterX. “Scalping attacks also increased both in size and in type of scalped items, and price scraping is a major part of competitive edge in many different domains. Illustrating the lifecycle of attacks, scraping is leveraged by scalpers so they can be notified once product inventory comes back following a hype sale, for example.”
Bots enable fraudsters to lay the foundation for the web attack lifecycle at scale, according to the report. They help bad actors digitally skim PII to steal information, validate it with credential stuffing attacks, and fraudulently use it to commit account takeover (ATO) or create fake accounts.
Other key findings in the report include:
- Peak malicious login attempts increased from 84 percent in 2020 to 93 percent in 2021
- The three retail e-commerce segments that saw the most bad-bot traffic were Health and Wellness; Hardware, Software and Electronics; and Sports and Recreation
- 74 percent of bot attacks came from desktop devices and the remainder from mobile devices