The Grinch stole the Holidays: how bots affect Black Friday


Bot use in online shopping is driving prices far above the rate of inflation. During the busiest shopping season of the year, bots are causing headaches for both shoppers and retailers.

With the holiday season approaching, the activity of bots is expected to reach new heights. Bots are being used to scrape retail websites, buy in-demand goods in bulk to later resell at higher prices, or as so-called “freebie bots” that hunt down products with wrongly assigned prices and purchase them in massive quantities.

According to current research by bot-detection company Netacea, despite attempts to stop the bot problem through legal avenues, about half of buyers faced issues with "scalper" and "grinch" bots swiftly grabbing in-demand products this year.

ADVERTISEMENT

Bots affecting shoppers

Among those affected by scalper bots, 58% were attempting to buy tickets for live events, while buyers of fashion items (35%), consumer goods (39%), and travel (20%) also reported significant levels of interference.

The report shows the negative impact that bots have on shoppers' behavior, as using them is becoming normalized at scale.

“Struggling to access goods and services, people either turn to using malicious automation themselves or end up paying over-inflated prices,” Matthew Gracey-McMinn, Head of Threat Research at Netacea, told Cybernews.

Nearly one in five shoppers admitted to using a bot at least once over the last year. Scalper usage is most common amongst Gen Z and millennial consumers, with 24% and 27%, respectively, admitting to using one over the last 12 months.

“Automation is now part of the public consciousness, and the barrier to entry for consumers has significantly lowered. Scalper bots, in particular, are an acknowledged money-maker. This creates the underlying conditions for confirmation bias. In essence, bot users only ever see the upside in their actions: They reason that no one will come to any harm,” said Bec McKeown, Cyber Psychologist and Founder of Mind Science.

The scarcity caused by bots is leading to substantial price hikes for everyday items. Despite the existing challenges of inflation, people are still willing to pay, on average, 13% more to scalpers. The highest price surges were observed in medicine (17%) and event tickets (14%).

The report highlights that these increases are comparatively lower than the markups on highly sought-after items like the PlayStation 5 (19%) and Yeezy sneakers (168%). It's worth noting that, in contrast, the peak of US inflation in June 2022 was only 9.1%.

ADVERTISEMENT

“As high volume sales events, Black Friday and Cyber Monday reinforce the impact of such trends, meaning retailers need to be on guard to protect their customers,” said Gracey-McMinn.

“Only by stopping bots at source can people be prevented from going down the slippery slope of renting access to bots themselves or losing money by overpaying on secondary sites. It’s hard to quantify the total impact, which typically happens in grey areas of questionable legality, so up-front preventative measures are crucial,” he continued.

Bots are causing trouble for retailers

Sam Crowther, CEO and founder at Kasada, a firm mitigating bot threats, told Cybernews that they see a spike in automated cyber threats posed by bots during the holiday season

“Last year, for example, there was a 43% surge in web scraping attacks and a 3x increase in the creation of fake accounts caused by bots,” said Crowther.

John Wilson, a threat researcher at cybersecurity firm Fortra, is also seeing an increase in automated bot attacks during the holiday season.

“We witness a seasonal increase in automated bot attacks this time of the year, with a 50% rise in bad bot traffic, a 43% spike in web scraping attacks, and a three-fold surge in fake account creation the week before Black Friday.”

Bot attacks enabled by scripts are designed to inflict damage or exploit retailers at scale. They can be launched by lone actors or sophisticated groups and commonly target e-commerce websites and applications.

Scraping attacks also involve the unauthorized extraction of valuable data like pricing details, customer reviews, and product availability from websites.

“Grinch bots make money by selling sought-after items on auction sites for excessively high prices. If there’s a profit to be made scalping in-demand goods where demand exceeds supply, bots will capitalize on the opportunity,” said Crowther.

ADVERTISEMENT

Another problem that retailers are facing is so-called “freebie bots” that go after sales and human errors in pricing. This kind of bots allows bot operators to use a combination of web scraping techniques and automated checkout functions to get 70-100% off the list price, causing revenue loss for the retailers. The activity of freebie bots sharply increases ahead of Black Friday and Cyber Monday.

“Last year, Freebie bots within a single botting community were used to purchase close to $1 million of products for only $134,” explained Crowther.

“To safeguard their data and pricing strategies, retailers need to prioritize investment in web scraping protection measures,” he concludes.