Ask the Experts: Black Friday Bot Attacks
As Black Friday approaches, retailers are gearing up for the inevitable surge in online traffic. But cybercriminals are also preparing for this high-stakes season, fine-tuning their bot attack strategies to exploit inventory, pricing, and customer accounts.
To shed light on these threats and what retailers can do to prepare, we consulted five experts from Netacea who shared their insights on the bot attack landscape during Black Friday and beyond.
Our panel includes:
- Andy Still, CTO & Co-founder
- Matthew Gracey-McMinn, VP Threat Services
- Lizzy Eccles, Principal Consultant
- Charlotte Hurst, Head of Customer Success
- Dr. Mark Greenwood, Chief Technical Architect
Hear what they each had to say about Black Friday bot attacks in the full video, or read on for our summary.
The Shift to eCommerce and Bot Attacks
With more consumers shopping online than ever, the retail landscape has shifted significantly. “We’ve seen a lot of emerging trends, specifically post COVID, with consumers being driven towards eCommerce,” explains Charlotte Hurst. “The popularity of online sales meant that gone are the days of queuing outside flagship stores. Now we’ve seen a shift towards virtual queuing and a lot of demand in the virtual eCommerce space, and that means that protecting server load, site reliability, and product availability from scalper bots and other automated attacks becomes a lot more imperative.”
As consumers flock to online shopping platforms, bots have an easier time attacking retail websites and disrupting the shopping experience for real customers. Bot attacks are no longer a side issue; they’re now central to protecting both sales and brand reputation.
Scalping Bots: Manipulating High-Demand Products
Scalping bots are among the most notorious threats during Black Friday. These bots automatically add high-demand items to their cart and complete checkout faster than any human customer. As Dr. Mark Greenwood explains, “When goods are on sale for bargain prices, there’s opportunities there for people to monetize them, snapping up the latest bargains so they can flip those products in marketplaces, to be able to sell them on in resale markets.”
Scalping bots can manipulate the market and create artificial scarcity, forcing customers to turn to secondary markets. But this effect isn’t limited to big-ticket items. Lizzy Eccles highlights that bots are now targeting everyday items as well. “A lot of the focus from bots used to be on the very high-ticket price items, whereas now what we’re quite often seeing with the kind of rise of secondary markets is that everyday items can quite often be scalped. If the discount being offered is such, they can easily be resold.”
“It’s a much lower margin of entry for the bots in that market and a much less risk involved with these lower ticket items. So, we’re seeing a much, much broader range of products being attacked by bots these days than we were before.”
The Trap of False Demand
Scalping bots don’t just impact inventory – they can also distort demand. Matthew Gracey-McMinn explains, “If you think, ‘this item is selling really well, because we’ve lowered the price, we’ve got loads of customers’, you might not realize you’re actually selling it to scalpers. These scalpers are reselling it somewhere else. You might order in a lot of stock to account for the demand that you appear to have for this item, and you might lower other items and so forth in the same way. And the scalpers might suddenly decide, ‘I’m not making money off this the way I want to’, and suddenly stop buying and you’re left with loads of stock you’re going to struggle to shift.”
Scalpers can create a false sense of demand that leaves retailers with unsold stock when the resale market doesn’t pan out as planned. This highlights the importance of tracking and managing real-time demand data to detect suspicious buying patterns.
Freebie Bots: Exploiting Pricing Errors
Another rising threat is freebie bots, which scan retailers’ sites to find items listed at incorrect prices. Matthew Gracey-McMinn describes this process: “One of the other attacks we’ve seen developing more and more recently is what we call freebie bots. They’re constantly scanning all the item listings on various retailers, often hundreds of retailers at a time. So sometimes when retailers upload new items to their online catalogues, they will mistakenly upload them at some sort of zero pound or zero dollar price point, and these scrapers, their job is basically to identify where this happens and then buy as many as they can at that price point as possible, so that the attacker can basically build up a massive supply of them and sell them on later. Even if you sell them and it’s, say, 50 cents, you’re making a significant sum of money, and it can be really quite painful to retailers when this happens.”
The fast-paced environment of Black Friday, with constant updates to pricing and inventory, makes it easier for errors to occur. Freebie bots exploit these mistakes to maximize their profits, often at a considerable cost to the retailer.
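One way to catch the mispriced uploads that freebie bots look for before a listing goes live, shown as an added example rather than code from Netacea or the original article. The feed layout, SKU names and the 90% threshold are assumptions.

```python
from decimal import Decimal, InvalidOperation

# Assumption: a cut of more than 90% against the live price needs human sign-off.
MAX_DROP = Decimal("0.90")

def check_listing(sku, new_price, last_price=None, approved=False):
    """Return reasons to hold a listing; an empty list means it can be published."""
    try:
        price = Decimal(str(new_price).strip())
    except InvalidOperation:
        return [f"{sku}: price {new_price!r} is not a number"]
    if not price.is_finite():
        return [f"{sku}: price {new_price!r} is not a finite amount"]
    if price <= 0:
        # The zero-price upload the article describes is always held.
        return [f"{sku}: price {price} is zero or negative"]
    if last_price is not None and not approved:
        last = Decimal(str(last_price))
        if last > 0 and (last - price) / last > MAX_DROP:
            pct = int(MAX_DROP * 100)
            return [f"{sku}: {price} is over {pct}% below the live price {last}"]
    return []

def review_feed(rows, published):
    """rows: (sku, price) pairs from an upload; published: {sku: current live price}."""
    publish, hold = [], []
    for sku, price in rows:
        reasons = check_listing(sku, price, published.get(sku))
        if reasons:
            hold.append((sku, reasons))
        else:
            publish.append(sku)
    return publish, hold

# Constructed sample data (hypothetical SKUs and prices).
PUBLISHED = {"TV-55": "499.00", "MUG-01": "6.00", "HDPH-2": "120.00"}
UPLOAD = [("TV-55", "399.00"), ("MUG-01", "0.00"), ("HDPH-2", "1.20"),
          ("NEW-9", ""), ("SOCK-3", "4.50")]

if __name__ == "__main__":
    publish, hold = review_feed(UPLOAD, PUBLISHED)
    print("publish:", publish)
    for sku, reasons in hold:
        print("hold:", reasons[0])
```

Held listings go to a person for approval, so a deliberate deep discount can still be published with `approved=True` while a slipped decimal point or an empty price field never reaches the storefront.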
Credential Stuffing Attacks: A Threat to Customer Accounts
During Black Friday, credential stuffing attacks increase as cybercriminals attempt to access customer accounts using stolen credentials. Charlotte Hurst warns, “These big events often lead to criminal organizations wanting to test out a lot of their credential lists that they’re buying off of the dark web. And they see it as a great opportunity to kind of hammer identity endpoints with username and passwords to try and find what works and what doesn’t. If you find that pair and you crack the code, that’s going to be very, very, very, very valuable for these attackers.”
Retailers should stay on high alert at peak times and not assume that a surge in traffic is genuine customer activity. At the same time, ensuring that security measures don’t impact legitimate customers is essential to providing a smooth Black Friday experience.
Bot Attacks Grow in Complexity
Bot attacks are no longer simple scripts – they’re part of a thriving ecosystem. “It’s become cheaper and easier than ever for bad actors to purchase and deploy scripts,” says Charlotte Hurst. “This makes attacks more complex, more frequent as well. We’re seeing criminal organizations become more professional over time. Some of these organizations have HR departments, they’re that well organized.”
Andy Still elaborates on this professionalization: “There’s a big multi-billion-dollar industry for people building the tooling and platforms to enable other people to do attacks. So, what we see much more now is that the attacks are not end to end by one person or one group. They are a number of groups who are doing a part of an attack, and they then make the results of that attack available to other groups to take on the next stage of the attacks.”
This multi-layered approach means that retailers need dynamic, layered security strategies to defend against highly coordinated attacks.
Attacker Preparation Mirrors Retailers’ Own Black Friday Prep
As retailers prepare for Black Friday, so do attackers. Matthew Gracey-McMinn notes, “Attackers are preparing for Black Friday by doing a couple of things. One, they’re setting up getting ready for their attacks, so they’re acquiring tooling. It’s worth noting that this ecosystem is very professionalized now. It’s not like one person doing the whole thing end to end. You have different specialists at each stage of the attack, would say one person actually doing the attack, but they’ll buy a tool off someone else or information off someone else.”
Attackers use sophisticated tools to monitor prices, check stock levels, and plan their attacks. “We see things like monitoring services and tools that simply scrape hundreds of retailers around the world,” adds Gracey-McMinn. “And so, attackers are acquiring the tools that will do that, doing the analysis where they have to in order to maximize their profits.”
Dynamic Defense and Threat Intelligence Are Essential
To counter these evolving threats, retailers need adaptable, intelligence-driven defense strategies. Charlotte Hurst underscores this, saying, “Preparation is everything. A holistic approach towards security is needed. I think threat intelligence is really key to understand the landscape around your business. And then secondary to that, implementing dynamic toolkits to protect against automated attacks. Working with your partners is really key. So, ensuring that you lean on your provider’s expertise, educate your teams on what to expect, and how to approach and mitigate the risks.”
Static defenses are no match for bots that can easily adapt to basic security measures. Dynamic tools like Netacea’s can help retailers detect and counter new attack strategies in real time, preventing damage without impeding legitimate customers.
Minimizing Collateral Damage: Balancing Security with Customer Experience
One of the biggest challenges retailers face is balancing security with the customer experience. Dr. Mark Greenwood explains how this can be achieved with dynamic modeling. “In order to help customers manage events like Black Friday, all of our models all year round are tuned to respond to those marketing spikes differently than automated traffic spikes. During Black Friday, obviously, there’s more of those events, but we tune our models in just the same way to handle that distinction and make sure we’re not accidentally blocking legitimate traffic, even though it looks irregular compared to your average Friday.”
Dynamic models are essential to distinguish between real and bot-driven traffic during Black Friday’s high-traffic periods. Ensuring a smooth experience for legitimate shoppers while blocking bots is key to a successful shopping season.
Communication and Preparation Across Teams
Preparation requires collaboration across departments. Lizzy Eccles advises, “The most impactful thing a customer can do before Black Friday is to communicate with their different teams that are involved in their traffic management, whether that’s security or anything else, as to when the key dates will be, what even the key products might be. But really keeping those lines of communication wide open so that updates can be shared, findings can be seen, and that your teams are fully prepped.”
Coordinating with teams involved in traffic management and security can make all the difference in identifying and stopping attacks during peak traffic times.
Post-Event Analysis: Building Stronger Defenses for the Future
Finally, after Black Friday, post-event analysis is essential. Lizzy Eccles notes, “Post event analysis, we always do this with our retail customers. It’s a really dig deep into the traffic that was observed. Do the checkouts match the numbers of visitors we saw on some of the product pages and so on and so forth. Are there any lessons learned that we can take forward into further seasonal sales?”
Black Friday marks the beginning of a busy holiday shopping period, and lessons learned can be applied throughout the season to improve defenses and minimize disruptions.
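The check described in the post-event analysis above (do checkouts match product page visitors?) also helps spot the false demand discussed earlier. This is an added example, not Netacea's method; the event format, customer identifiers and thresholds are assumptions to tune against your own baseline.

```python
from collections import defaultdict

def demand_report(events, max_conversion=0.5, max_top_share=0.4, min_orders=5):
    """events: (customer_id, action, sku) tuples; action is 'view' or 'checkout'."""
    viewers = defaultdict(set)                      # sku -> customers who saw the page
    orders = defaultdict(lambda: defaultdict(int))  # sku -> customer -> checkouts
    for customer, action, sku in events:
        if action == "view":
            viewers[sku].add(customer)
        elif action == "checkout":
            orders[sku][customer] += 1

    report = {}
    for sku, per_customer in orders.items():
        checkouts = sum(per_customer.values())
        visitors = len(viewers[sku])
        # Checkouts by customers who never loaded the product page.
        no_view = sum(n for c, n in per_customer.items() if c not in viewers[sku])
        top_share = max(per_customer.values()) / checkouts
        flags = []
        if visitors == 0 or checkouts / visitors > max_conversion:
            flags.append("checkouts do not match page visitors")
        if no_view:
            flags.append(f"{no_view} checkouts with no product page view")
        if checkouts >= min_orders and top_share > max_top_share:
            flags.append("demand concentrated in one buyer")
        report[sku] = {"visitors": visitors, "checkouts": checkouts, "flags": flags}
    return report

# Constructed sample events (hypothetical customers and SKUs).
EVENTS = (
    [(f"c{i}", "view", "KETTLE") for i in range(20)]
    + [(f"c{i}", "checkout", "KETTLE") for i in range(4)]
    + [(f"v{i}", "view", "CONSOLE") for i in range(10)]
    + [("v1", "checkout", "CONSOLE"), ("v2", "checkout", "CONSOLE")]
    + [("acct-77", "checkout", "CONSOLE")] * 6
)

if __name__ == "__main__":
    for sku, row in demand_report(EVENTS).items():
        print(sku, row)
```

A flagged SKU is a prompt to review the orders before restocking on the strength of that demand, not proof of scalping on its own.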
Stay Ahead of Black Friday Bot Attacks
This Black Friday, retailers can expect bot attacks to be more sophisticated, frequent, and far-reaching. From credential stuffing to scalping and freebie bot attacks, the threats are varied and constantly evolving. To stay one step ahead and protect revenue, retailers need robust, dynamic defenses.
To dive deeper into these bot tactics and learn how to prepare, register for our Black Friday Threat Report. Equip your team with the latest insights and strategies to secure your business and provide a seamless experience for your customers this Black Friday season.