Black Friday Checklist for Bot Attacks
It’s November and Black Friday is upon us once again. Retailers have spent months planning every aspect of peak trade campaigns.
But bot operators have been equally busy plotting attacks such as scraping, scalping and credential stuffing. How have your preparations stacked up against those of threat actors and fraudsters?
August – September
In the summer months, retailers review last year’s Black Friday campaign performance and the trends in the market since that time. This is also the time for retailers to clean up send lists and test messaging on a small segment of their audience, so they can be ready to launch in the autumn months.
Meanwhile, attackers are ensuring their bots are up to date and have all the associated resources in place, like fresh accounts and proxy lists. See the BLADE Framework for more details on the resource development stage of bot attacks.
Retailers
Data hygiene and testing:
- Review last year’s Black Friday campaign
- Clean send list of duplicates and spam
- A/B test subject lines, send times, forms and automated flows
- Test messaging on unengaged audience segments
- Set dates for promotion duration, sends and reminders
Attackers
Resource development:
- Create fake accounts in bulk to speed up automated checkouts on Black Friday
- Buy or rent proxies to disguise bot traffic and bypass defenses
- Develop, rent or buy bots required to execute automated attacks
- Acquire lists of leaked credentials from data dumps to test on other sites
October
A month out from Black Friday, retailers need to decide on their campaign structure and get their campaigns set up to succeed. This means coordinating stock levels and merchandising with ad spend and PR activity.
Attackers are also setting up their offensive strategies at this stage, configuring their bots to target specific sites and products for maximum impact once sales go live, all part of their pre-attack reconnaissance.
Retailers
Campaign planning and setup:
- Determine Black Friday offers based on inventory, competitor intelligence and trends
- Shift overstocked items and old inventory with email promotions
- Refocus and ramp up paid advertising budgets and bids
- PR to make retail publications and blogs aware of your best deals
Attackers
Reconnaissance:
- Web scraping to get baseline prices, detect unlisted product pages, track pricing changes and errors
- Choose retailers and products to target based on profitability analysis
- Configure bots and modules to target these and bypass any defenses detected
- Acquire credential stuffing configs to attack specific websites likely to be busy during Black Friday
November
The time has arrived! Black Friday isn’t just a day anymore, with many businesses spreading the event across the whole of November. This alleviates stresses on web infrastructures that in previous years had a nasty habit of being crushed under the weight of sudden traffic spikes come Black Friday itself.
Still, retailers need to closely monitor the event, executing the campaign as planned across the website, emails, social media, adverts and PR, and ensuring all sites and apps operate smoothly.
The extended sale period also plays into the hands of attackers, who use heavy automation to snatch items as they become available. They also use the peaky seasonality of customer traffic to hide other attacks like carding and account takeover.
Retailers
Black Friday sales go live:
- Send early access discount codes to email lists
- Publish gift guide content organically and on paid social
- Email + social campaign counting down to deals going live
- Retarget 90-day audience with adverts highlighting offers on related products
- Refresh cart abandonment automation messaging with Black Friday deals
Attackers
Attack execution on Black Friday sales:
- Automate checkout of low availability items
- Automate relisting of items on secondary markets
- Automate checkout of heavily discounted or mistakenly free items
- Credential stuffing hidden within seasonal traffic patterns to take over accounts and steal personal/financial information
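For defenders, the last point means alerts based on raw failed-login counts break down at peak: they fire on ordinary shopper volume and give no signal that separates stuffing from it. The sketch below is an added example, not Netacea code; it scores each time window on the failure rate relative to a baseline and on how widely failures are spread across usernames. The event format, the 10% baseline failure rate and the thresholds are assumptions, and the sample events are constructed.

```python
import math
from collections import defaultdict

def build_sample():
    """Constructed events: (window, username, login_ok). Not real traffic."""
    ev = []
    def shoppers(window, n_ok, n_typo_users):
        ev.extend((window, f"u{i}", True) for i in range(n_ok))
        for i in range(n_typo_users):          # real users retry their own account
            ev.extend([(window, f"t{i}", False)] * 2)
    shoppers("quiet", 180, 10)                 # 200 attempts, 10% fail
    shoppers("peak", 1800, 100)                # 10x volume, same 10% fail
    shoppers("peak_stuffed", 1800, 100)
    # Stuffing spread over proxies: one try per leaked username, ~1% hit rate.
    ev.extend(("peak_stuffed", f"v{i}", i % 100 == 0) for i in range(600))
    return ev

def score_windows(events, baseline_fail=0.10, z_min=4.0, spread_min=0.8, min_n=100):
    agg = defaultdict(lambda: {"n": 0, "fail": 0, "users": set()})
    for window, user, ok in events:
        a = agg[window]
        a["n"] += 1
        if not ok:
            a["fail"] += 1
            a["users"].add(user)
    out = {}
    for window, a in agg.items():
        n, fail = a["n"], a["fail"]
        if n < min_n:
            continue  # too few attempts for the rate to mean anything
        # Binomial z-score: excess failures relative to what this volume predicts.
        sd = math.sqrt(n * baseline_fail * (1 - baseline_fail))
        z = (fail - n * baseline_fail) / sd
        # Spread: distinct failing usernames per failure (near 1.0 = one try each).
        spread = len(a["users"]) / fail if fail else 0.0
        out[window] = {"attempts": n, "failures": fail, "z": round(z, 1),
                       "spread": round(spread, 2),
                       "suspicious": z > z_min and spread > spread_min}
    return out

if __name__ == "__main__":
    for window, row in score_windows(build_sample()).items():
        print(window, row)
```

The "peak" window has ten times the failures of "quiet" yet scores the same, while "peak_stuffed" stands out on both measures even though no single source needs to exceed a per-IP limit.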
December
Although Black Friday is done with for another year, peak trade season is only just beginning. Retailers can use performance data to adjust their strategies for the coming month and pass these learnings on to prepare for next year.
This is also where attackers reap what they sowed in November. They sell the discounted items they scalped on secondary markets at full price, and often show off their successes on social media or underground forums to sell their tools and expertise to others.
Retailers
Review of Black Friday performance:
- Review KPIs and report back to the team
- Adjust strategy leading into rest of holiday season
- Make recommendations for next year’s event
Attackers
Post attack on Black Friday sales:
- Relist heavily discounted items at or close to RRP on secondary markets
- Boast about successful purchases in online forums and sell tools and skills to other users for the rest of peak trade season
What Are Attackers Saying About Your Brand and Black Friday?
While retailers are acutely aware of the increased risk of bot attacks at this time of year, procuring new tools amid Black Friday season might not be a realistic prospect. But what you can do is find out what attack groups are saying about your brand and get intelligence on how your defenses are holding up.
Book a call with the Netacea Threat Intel Center and we’ll get to work on a Black Friday Threat Report, exposing the groups targeting your business and how successful they’ve been.