Bots can negatively impact ecommerce businesses during the holiday season through credential stuffing, inventory hoarding, and price scraping attacks. The document outlines these top bot attacks, including warning signs for each. It recommends using a combination of techniques like allowing good bots, challenging suspected bots, blocking bad bots, redirecting bots, keeping logs, and additional authentication to fight bot attacks while still allowing legitimate traffic. Businesses should expect increased traffic but also be on the lookout for bot attacks, and use the solutions outlined to protect their site during the busy holiday period.
4. Bot Trends
[Chart: % of good bot traffic, % of automated traffic worldwide, % of automated traffic in US. Values shown: 40%, 55%, 2%]
5. 1. Credential Stuffing/Account Takeover
Top Attacks
● Attack on login portal with stolen credentials
● Users reuse usernames and passwords across multiple sites
● Steal valuable financial information like credit card numbers and billing addresses
Warning Signs
● Increases in failed login attempts
● Increases in changed credentials, addresses, and phone numbers
● Higher logins with no increase in business
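Added example (not part of the original slides): the three credential stuffing warning signs above, checked against hourly counters. The counter values, the thresholds and the name `flag_hours` are assumptions made for illustration.

```python
from statistics import median

# Constructed hourly counters (not real data): the kind of totals an
# application log or analytics export would provide.
HOURS = [
    # hour, logins, failed logins, profile changes, orders
    ("09:00", 410, 22, 5, 61),
    ("10:00", 432, 25, 4, 66),
    ("11:00", 398, 19, 6, 58),
    ("12:00", 445, 24, 5, 70),
    ("13:00", 1290, 840, 7, 64),   # burst of failed logins, orders flat
    ("14:00", 1105, 310, 41, 62),  # profile changes spike as well
    ("15:00", 880, 40, 6, 131),    # busy hour with matching orders
]

def flag_hours(rows, baseline_hours=4, spike=3.0, growth=1.5):
    """Return {hour: [warning signs]} for hours after the baseline window."""
    base = rows[:baseline_hours]
    b_logins = median(r[1] for r in base)
    b_failed = median(r[2] for r in base)
    b_changes = median(r[3] for r in base)
    b_orders = median(r[4] for r in base)
    flagged = {}
    for hour, logins, failed, changes, orders in rows[baseline_hours:]:
        signs = []
        if failed > spike * b_failed:
            signs.append("failed logins up")
        if changes > spike * b_changes:
            signs.append("credential/address changes up")
        # Logins grew, but orders did not grow with them.
        if logins > growth * b_logins and orders < growth * b_orders:
            signs.append("logins up, business flat")
        if signs:
            flagged[hour] = signs
    return flagged

if __name__ == "__main__":
    for hour, signs in flag_hours(HOURS).items():
        print(hour, "->", ", ".join(signs))
```

The 15:00 row shows why the third check compares logins with orders: a genuinely busy hour raises both, so it is not flagged.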
6. 2. Inventory Hoarding
Top Attacks
● There are two approaches:
● Purchasing in-demand products before human shoppers can, then reselling them on the secondary market for a higher price
● Adding high-demand products to an online shopping cart, but not buying them
● Wasted marketing spend, revenue loss
Warning Signs
● Unusually fast purchases of low-volume, high-demand inventory
● Customer complaints on social media
● Higher infrastructure costs with no increase in business
7. 3. Price Scraping
Top Attacks
● Acquire product pricing information at scale
● Skew pageview and conversion statistics
● Undermine pricing strategy, sales and revenue impact, gain a competitive advantage
Warning Signs
● Slowdowns on a wide range of product pages
● High page visits from unusual locations, at unusual times
● Unusual browsing pattern
8. What to do with bots
Solution
● Allowlist good bots
● Challenge suspected bots
● Block bad bots
● Redirect bots
● Keep detailed logs
● Additional authentication
10. Thank you
For information on Cloudflare Bot Management, visit
https://www.cloudflare.com/products/bot-management/
Don't Let Bots Ruin Your Holiday Business
Editor's Notes
Our goal is to help build a better Internet and we want to do this by providing insights, threats and trends based on the aggregated data that we have.
Traffic has increased globally in all regions, with a 1.5x increase in the United States since the start of 2020.
In March the traffic started increasing, in May it peaked, and since then it hasn’t come down. It seems to have settled into a “new normal” level, which means we have more online reliance; this is an opportunity for attackers.
Check if we can use screenshots from here - https://www2.deloitte.com/content/dam/insights/us/articles/6890_holiday_retail/6890_2020-Deloitte-holiday-retail-survey.pdf
What, How they work / why they’re bad
Warning signs
verticals