For some time now, bots have been wreaking havoc on e-commerce sites, creating a nightmare for owners who simply want to conduct business and sell goods to their customer base. If bots aren’t buying up limited edition sneakers — making it nearly impossible for consumers to make a purchase — they’re sucking up all the inventory on the latest game console. They’ve also been known to buy up the hottest gifts during the holidays and even creating problems with e-gift cards.
Lately, there’s been some suspicion that they may be snagging high-demand campsites, creating significant challenges for would-be campers looking to enjoy the outdoors at their favorite campground. This is particularly bothersome as we head into the season with long holiday weekends that beckon for outdoor adventures.
The PerimeterX research team has observed previous increases in malicious bot behavior as travel and leisure activity begin to return to some sort of post-COVID normal. This included bots attacks on car rental sites which increased last year as more people started driving to vacation destinations instead of flying. Since bad actors follow spikes in traffic, it’s natural that the current resurgence in outdoor activities will result in leisure websites becoming bot targets as well.
But what about other outdoor activities such as getting golf tee times or a highly coveted swim lane at the community center? These could be the latest targets for bots as well. I’ve wondered about golf, in particular, since I have spent way too many early mornings trying to get a time to play, only to see the spinning wheel of death as the site staggers to handle the 6 a.m. traffic and reports all times filled within 3 minutes. Could someone be using a bot to make sure they get their desired time on the links? A colleague reported the same ponderance after trying unsuccessfully to schedule a swim time.
The bottom line is that bots don’t discriminate when it comes to buying up inventory on popular items, whether tee times or gaming consoles or camping spots. These bots are called denial of inventory and scalping bots.
In denial of inventory attacks, people use hoarder bots to add an item thousands of times to a shopping cart over the course of a few days until the item’s inventory is depleted. By hoarding high-demand products, bots keep it out of stock, annoying customers, taxing infrastructure and reducing conversions and revenue.
In scalping attacks, people unleash automated scalping bots to buy sought-after products, such as limited editions of sneakers, concert tickets, designer clothing or possibly a camping site reservation or golf tee time. They set up fake accounts that browse product pages and execute checkouts to increase their chances of success. Then, after they’ve snapped up a businesses’ best inventory, they offer it at inflated prices on third-party sites or the markets on the dark web. It’s important to note that while these bots are annoying to the consumer, potential camper, golfer or outdoor enthusiast, there is nothing illegal about them. U.S. Congress passed the BOTS Act of 2016 to address purchasing and reselling concert or event tickets with bots, but coverage has not been extended to other limited inventory items.
To combat “campsite bots,” “golfing bots” or other bots that have yet to reveal themselves, and alleviate the frustration of consumers, website owners need a solution that recognizes the behavioral patterns of bots and stops them in their tracks.
Effective bot detection is critical for achieving success in the digital marketplace. The ability to differentiate bad bot traffic from good is key. The best solutions understand the difference between how humans and bots interact with a website, and along with environmental data, traffic volume and device fingerprints, provide highly effective bot mitigation.
For more information, check out the PerimeterX Bot Defender page.