Malicious bots are likely visiting your website. The question is, can you identify them in order to single them out and mitigate their attempts to steal data and hijack user IDs?
Here’s the truth. We live in the era of unavoidable bots. As Kleiner Perkins researcher Mary Meeker highlighted in her May 2017 internet trends report (via Recode), bot traffic on the web surpassed traffic generated by humans in 2016. Everyone operating a website is dealing with bots. Some of them, like a Google crawler, are welcomed, and some are insidious bots that want to execute account takeover attacks, steal customer credit cards and illegally empty gift card balances. The real trick is knowing the difference between good bots, bad bots and humans. Determining what is a good bot is pretty easy; they usually announce themselves and their intentions. That means understanding the difference between a dangerous bot and a normal human user is where the challenge lies.
Fortunately, bots behave differently than humans. That’s even true when a bot has taken over a browser and is piggybacking on a human user. What’s more, you don’t need to be a rockstar data scientist to recognize signals and anomalies that are likely caused by a wave of malicious bots.
Here are five simple indicators that your site may be besieged by evil bots:
1. An Increase In The Percentage Of Failed Login Attempts
Bots are frequently used for ATO attacks, where a botnet will attempt to take control of your users’ accounts by testing user-password combinations leaked from other sites. In this type of attack, botnets may attempt to validate millions of accounts per day. This activity tends to generate a boatload of failed login attempts, which is a classic sign of a bot attack. Analytics tools like Google Analytics and your access logs can easily generate reports that show an increase in the number of failed login attempts over time or visualize spikes in activity.
2. A Big Increase In (Failed) Validation Of Gift Card Numbers
Another common target for fraudsters is stealing the value from legitimate gift cards. Gift card accounts are relatively easy targets. When attackers check the balance of a gift card and attempt to hijack it, companies do not request an account name, a billing address or any other personal identification information. This makes gift card accounts a perfect target for brute-force attacks that run through combinations quickly to look for valid pairs of card numbers and pin codes. Fraudsters use bots to execute these attacks. When an invalid pair is attempted, that generates a failed validation notification. If gift card validation failures suddenly trend up or spike, then you have a decent signal that the bots are trying to steal your customers’ gift card balances and resell the cards and pins on the dark web.
3. An Increase in Shopping Cart Abandonments
One use of malicious bots is to scrape price information from competitors’ sites. As a defensive tactic, site operators often mask prices until a shopper puts an item in their shopping cart. For that reason, many bots place items in shopping carts in order to scrape the prices but never complete the transaction. The upshot? An increase in the number of times shoppers abandon carts may indicate a bot attack.
4. Irregular Page Viewing Patterns
A human customer most likely will visit a home page, perform a search, click on a product page and check out. But no human visitor would go to every single product page on your site -- or even 50% of those pages. Scraper bots do this because they only care about the product pages. Those bots also may hit the search page numerous times during a session. So sessions that skew toward strange page-view patterns, which typically include numerous searches, can signal a bot attack. Another potential sign of a scraper bot is irregularly long sessions during which the bot is copying large volumes of content.
5. Unexpected Geographic Origins Of Traffic
If you primarily have customers who live in a specific geographic location -- say, Europe or the U.S. -- and a wave of unexpected traffic comes from countries where you don’t offer your service -- for example, from Vietnam or Chile -- that could be the sign of a bot attack. Bot operators may take advantage of cheap or breached hosting services or of malware-infected hosts and run their bots in those countries. So check the coordinates of your visitors for bot party crashers that likely aren’t shopping or browsing.
There are even more sophisticated techniques that bot defense services can offer -- like examining visitor behavior down to the speed of keystrokes and patterns of mouse movements, for example. The above five indications that bots are spending unwanted time on your site are a starting point and are steps that any system administrator or analytics tools operator could take to understand if their online assets are under attack by bots. Bots aren’t stupid, but they also aren’t humans. The difference is almost always clear once you look hard for signs of anomalous behavior.
