Holiday Cyber Attacks: How to Outsmart the Bots

By Alexa Bleecker, Director of Cybersecurity Content, Kasada

With the supply chain shortages and an uncertain economic climate, many retailers are expecting a slower holiday shopping season. But even if overall eCommerce sales trend down, that doesn't mean that cybercriminals will be taking a break. In fact, you can be sure that bad actors are preparing to launch many of the eCommerce cyber-attacks we've seen this year with extra amplification between Black Friday and Cyber Monday that will continue throughout the season.


Why? The answer is simple. Cybercriminals are motivated by money, and the holidays present ample opportunities to profit—from scalping to scraping, to selling card cracking codes to committing account fraud. With automated tools and techniques to scale their efforts, threat actors are setting themselves up to prosper.

You’d Better Watch Out for These Holiday Threats

Grinch Bots

The holiday season is upon us. And with it comes all the joys (and stresses) of buying presents for our loved ones. For many of us, that means braving the crowds – or competing with the bots to purchase gifts online. These bots are dubbed as Grinch bots because they scoop up in-demand items before legitimate customers can.


Gift Card Fraud

One of the most popular targets for fraudsters during the holiday season is gift cards. And it's easy to see why - they're easy to buy and sell online, and they can be used anywhere that accepts them. Gift cards are also a form of anonymous currency, which helps fraudsters conceal their identity in the underground marketplace.


Loyalty Abuse

While loyalty programs can offer a great way to save money, they can also be a goldmine for cybercriminals. That's because many of them are easy to exploit, and the points can be sold for cash.


Freebie Bots

With many retailers offering deep discounts on popular items, it's no wonder Black Friday/Cyber Monday are magnet days for bargain hunters. But while customers are busy scouring your website for deals, fraudsters will be hard at work too. Freebie bots take advantage of these extreme discounts by continuously scanning products to see if any have been mistakenly published for $0 or discounted by 50-90%.


All-in-One Fraud Tools

Another tactic rising in popularity for cybercriminals during the holiday season is using solver services. These services help adversaries easily bypass security detection systems like CAPTCHA systems that are designed to stop them from automated attacks. Based on our research, the use of solver services has increased by 750% in the past year.


Cybercriminals are motivated by money, and the holidays present ample opportunities to profit—from scalping to scraping, to selling card cracking codes to committing account fraud.

Preparing for Holiday Bots

As the holiday shopping season kicks into gear, the goal is to stop bots without disrupting the buyer experience. Keeping bots off your site won’t matter if your human customers leave too. Here are four essential steps, tips and questions to ask to help prevent bot attacks on your website, mobile apps, and APIs.

Step 1. Identify and understand the unique bot threats and risks to your business

What types of goods or services do you sell that might be especially in demand right now? Find out what bot threats your site can detect with an instant test. Assess the various OWASP automated threats that may impact your applications.

Step 2. Remove fake users and bad bots to uncover insights into your web traffic

At peak times, your bot traffic can be 10X your usual traffic, which skews metrics and results in an unfavorable experience for customers. Clean up your bot traffic to deeply understand consumer behavior while saving on infrastructure costs.

Step 3. Prioritize your customer experience, conversion rates, and revenue generation

Use technology to help ensure your products can be purchased by legitimate customers, not fraudsters looking to make a profit. Invest in security solutions that don’t add additional layers of friction for your users.

Step 4. Continue to expect the unexpected

Make your anti-bot vendor list, and check it twice. The standard holiday preparedness practices don’t really matter if bots are exploiting your website, apps, and/or APIs. The real eCommerce holiday readiness is to expect the unexpected and become agile enough to change at a moment’s notice.


All in all, the holiday season is a busy time for everyone - including threat actors. So, it's important to be aware of the dangers and take steps to protect your organization. From gift card fraud to loyalty abuse, and solver services for CAPTCHA services and more, keep these tips in mind and you'll be sure to have a safe and happy holiday season.

NOVember 2022

NOV 2022

Go to article: Holiday Season 2022 Go to article: EditorialGo to article: Table of contentsGo to article: Table of contentsGo to article: US holiday shopping 2022Go to article: A Retailer’s Guide To The 2022 Holiday Season Go to article: Resilient RetailingGo to article: Adapting to New Consumer Behavior TrendsGo to article: Celebrating in Uncertain TimesGo to article: Meet the omni-buyer this holiday seasonGo to article: The Shifts Driving RetailGo to article: Satisfying Holiday Shoppers in the Digital WorldGo to article: Maximizing Online Store Performance for this Black Friday and Cyber MondayGo to article: eCommerce: Preparing for the Holiday Traffic SpikesGo to article: What brands need to know for the holidaysGo to article: Product Imagery to Boost eCommerce CoversionGo to article: AI/ ML and the Shopping ExperienceGo to article: How AI can help retailers retain revenue this holidayGo to article: Gift Cards: The Preferred Employee RewardGo to article: Gift Cards: The Vital Revenue DriverGo to article: Personalization and Loyalty in Grocery RetailGo to article: Marketing in the MomentGo to article: Holiday E-commerce CampaignGo to article: Target and Convert Holiday ShoppersGo to article: Analytics for the WinGo to article: Customer Expectations 2022Go to article: Connected Customer EngagementGo to article: Managing Consumer DistrustGo to article: Online grocery experienceGo to article: Leverage Holiday Return Spikes to Drive Customer Retention Go to article: Right Product Information to Reduce ReturnsGo to article: Returns ManagementGo to article: Managing the Surge in Payment ProcessingGo to article: Preparing Shopping Bot AttacksGo to article: Holiday Cyber Attacks: How to Outsmart the BotsGo to article: Top 5 Bot Attacks that Online Retailers Should Prepare For Go to article: Fighting the ScammersGo to article: Retail RansomwareGo to article: Retail employee engagementGo to article: Operational Communication for the Holiday SeasonGo to article: Empowering the Grocery WorkforceGo to article: Retail Workforce ChallengesGo to article: Fully Connected Retail Supply Chain for the Holiday SeasonGo to article: Prep up the Retail Supply Chain for Peak SeasonGo to article: Combating Supply Chain DisruptionGo to article: Prepare CX Teams to Manage the Longer Holiday Shopping Season Go to article: Retail Hiring for the HolidaysGo to article: Mercatus_Ad