The Ways Bots Commit Digital Fraud (and How To Avoid It)


Digital fraud has been on the rise since the dawn of the internet. And one of the easiest ways to commit digital fraud is to automate it.

Using bots for fraud has become commonplace. Why?

Because bots allow sneaky fraudsters to scale up their efforts and improve their chances of snaring a big catch. The thing is, there are numerous ways these practices can be committed, and bot fraud covers a broad spectrum.

So, how are bots used to commit fraud, and what can you do to prevent falling victim to bot fraud, both as a business owner and in your personal life?

Defining digital fraud

Fraud covers a wide range of activities, but generally falls under three main headings:

  • Data and identity theft
  • Money laundering
  • Stealing money or inventory
  • Inflating views and traffic on websites

Almost all forms of fraud are trying to steal money or access data. But, of course, under these catch-all headings are numerous specific forms of fraud.

Understanding how they work, and what they are aiming to achieve, is the first step in avoiding digital fraud and bot fraud.


One of the most common and successful forms of digital fraud is phishing. By sending emails or SMS messages en masse, fraudsters hope to capitalise on naivety, or a lapse in concentration, to get data that can be used for fraud.

Phishing uses bots to harvest email addresses and contact details, and will then automate the sending of messages. Some forms of phishing are used to spread malware, or downloads infected with viruses. Once in place, these slices of sneaky code can harvest sensitive data such as logins or perform automated activity such as spreading copies of themselves.

There are several forms of phishing; perhaps the best known is the ‘Nigerian’ 411 scam. This is where emails are sent promising millions of dollars if a target will help the fraudster move money through their bank account.

A more sophisticated form of this is Business Email Compromise, or BEC, also known as CEO fraud. This is where scammers will target a company using data scrapers, and spoofed email addresses. The fraudster will take their time to understand the business and will then target a specific person or department, usually one with power to make money transfers.

The goal of the fraudsters is to dupe the company into making a huge wire transfer into their bank account.

Denial of service (DDoS) attacks

One of the most fearsome forms of bot fraud is the DDoS attack. With an army of bots at the ready, a malicious actor can target websites by overloading their servers and causing security systems to fail.

The end goal is usually accessing databases or infrastructure, or on occasion to steal money. DDoS attacks have been used as acts of sabotage between countries too, with the attack on Iran’s nuclear research program one of the best known.

For business owners, a DDoS attack can potentially mean a business offline, a huge leak of data and lost revenue.

Credit card fraud/Carding bots

Bots can be used to steal credit card details in multiple ways. The first is good ol’ fashioned data theft, where bots infiltrate a database and steal payment details. This can be done through a virus or malware infiltration, or the above-mentioned DDoS attack.

Another clever way that bot fraud can harvest payment details is via malware in a browser or app. With the malware installed on a Chrome browser, for example, the bot can copy payment information entered by the user and send it to a central database operated by fraudsters.

To check if stolen cards work, fraudsters will use bots again to carry out carding attacks. This works by creating a shopping basket on an ecommerce site and processing payments with stolen cards.

For the merchant, this can result in chargebacks, lost inventory or even legal action. And for the account owner, of course, this can result in lost money.

Ad fraud bots

PPC fraud has become one of the most popular ways for fraudsters to leverage the power of bots. In fact, ad fraud has become a bigger problem, financially speaking, than even credit card fraud.

The way it works is fraudulent publishers will create spoofed or fake websites designed to host video or display ads. Views will then be inflated using bots, which can net the fraudulent party thousands of dollars each day.

Ad fraud click bots have notoriously been used to scam marketers out of millions of dollars in recent years. Scams such as Methbot, Hyphbot and Drainerbot are all held up as peak examples of this hugely damaging practice.

Although Google and the ad platforms have been working hard to block this form of fraud, it’s still estimated that around 90% of all PPC ads are affected by ad fraud.

Web traffic bots

The growing industry in inflating engagement on websites and social media has created a huge demand for bots. These bots are often sold as genuine traffic, but are, more often than not, sourced from click farms or botnets.

In terms of bot fraud, this relates to a betrayal of trust between the social media account/website owner and an advertiser. For example, many influencers' accounts have been found to be inflated with bot traffic, and low-quality websites have their metrics inflated with bots to demand higher fees for guest posts or to collect more money from affiliate clicks or ad impressions. This is of course another form of ad fraud.

How can you avoid falling victim to digital fraud or bot attacks?

How to avoid falling victim to bot fraud

Like any form of fraud, the best way to avoid it is by being aware of it. And if you have a team, especially a remote team, you’ll need to make sure they’re aware of the threats and the processes to avoid these threats.

All businesses should carry out a regular fraud risk audit to identify where they might be affected by fraud, including bot fraud.

Check, for example:

  • Security of your user details and database
  • Processes for sending payments, especially to new partners/accounts
  • How marketing revenue is spent and which KPIs are monitored
  • Monitoring of payment processes to avoid fake users and credit card fraud
  • Payments to affiliates and other advertising partners

There is a growing market in fraud detection and prevention. From protecting your payment processing or marketing, to monitoring your site security, the truth is that modern marketers need to pay attention to fraud more than ever.

In fact, a report from PwC found that most SMEs in 2020 used an average of four fraud detection platforms.

The cost of fraud is rising every year, and those that pay are typically those that are under-prepared.

Don’t be a victim. Read up on the dangers of digital fraud and bot fraud, and make sure everyone who works with or for your business understands the risks.