Bot Protection

COVID-19 Part 3: Data Tells the Story

by Ido SafrutiApril 02, 2020

This post is part of the COVID-19 blog series

Traffic and ATO Attacks Rise in Fashion and Home Goods

In the third edition of our COVID-19 data update series, we are entering another week of the social distancing effort to fight the coronavirus. In last week’s post, we highlighted some emerging trends including a surge in web traffic and Account Takeover (ATO) attempts on e-learning websites and apps, and increased scraping and ATO attacks against travel and hospitality sites.

This week, we are focusing on two different vertical segments - fashion and home goods - to highlight the impact of the ongoing crisis and the shifts it has catalyzed in web traffic, web attack targets and malicious behavior online.

Online Fashion is Rising

Since early February, the online fashion segment, including clothing, streetwear, sportswear and cosmetics, has seen an overall rise in web traffic. In particular, last week was notable as the industry saw a 27% increase in good traffic week over week, and a 177% increase in malicious traffic, driven by ATO attacks, price scraping and hoarding (figure 1). With physical stores closed due to the pandemic, an increase in good traffic could be a positive sign for fashion e-tailers. It is also interesting to note that the rise in traffic for fashion and clothing spiked two weeks after traffic to general merchandise spiked. It appears that once people adjusted to the “new normal” and addressed their basic product needs, new online shopping habits for non-essential products emerged. It’s important to note that this rise in traffic was also fueled by promotions and sales offered broadly by different brands and retailers.

Overall fashion traffic

Figure 1: Overall fashion traffic is increasing. Red represents malicious requests.

As we continue to see, cybercriminals follow the money, and are doubling down on their attacks during this sensitive period. Specifically for online fashion retail, we see spikes in account takeover (ATO) attacks that are 495% higher than the average daily rate seen previously (figure 2). In the last week, ATO attempts were 90% higher than the previous week and 143% higher than the first week of March (figure 2). An ATO attack occurs when someone gains unauthorized access to an online account. Because it is relatively easy to break into online accounts and monetize them, websites have become the new banks for attackers, and that’s why ATO is big business for cybercriminals looking to cash in. Attackers seek to gain access to monetary information, such as credit cards, gift cards, loyalty points, and marketplace credits from accounts that users might not monitor regularly.

Figure 2: Login traffic on fashion retail sites during March by day (above) and weekly (below).

Home Goods are Increasing

As the situation evolves, we are looking back at trends we reported earlier, to see how things changed in the last couple of weeks. Specifically for home goods, we see a trend of legitimate traffic growth with an increase of 26% from the already escalated level we reported two weeks ago, as well as malicious traffic growing at a similar pace of 25% in that period (figure 3). This is expected as more states in the US and more countries in Europe and around the world are increasing social distancing measures and stay at home policies. While legitimate traffic and purchases are up, malicious traffic as a percentage of the overall traffic remains high between 30% and 40%, indicating that attackers also escalated their efforts in the past two weeks (figure 4).

Online home goods purchases

Figure 3: Online home goods purchases continue to grow together with attacks on these sites.

Home goods malicious traffic

Figure 4: Home goods malicious traffic as a percentage of overall traffic remains high while overall traffic grows.

In the home goods category the trend in elevated ATO attacks continues as well, spiking frequently at 3 to 4.5 times the daily average from before the situation started. ATO traffic continues to make up over 90% of all login attempts on average, with many days passing the 95% mark (figure 5).

Figure 5: Login traffic on the home goods segment. Red represents malicious requests.

We also see an increase in conversion rates in this sector, up 37%, with daily purchases up more than 120% - or 2.2 times - the daily rates seen prior to the lockdown period (figure 6). Completed purchases

Figure 6: Completed purchases in home goods online stores.

To stay up to date on these rapidly evolving trends, you can read Part 4 of the COVID-19 blog series and subscribe to the PerimeterX blog.

Want to Learn More?

Read the complete COVID-19: Data Tells the Story blog series: