Spinner Bots: What Are They and How to Stop Them

Have you ever gone to buy a ticket for a concert or the theatre to find that they’re sold out? This is a familiar story for many of us. And the kick in the teeth is seeing the very same tickets for sale elsewhere moments later, for an inflated price. The same can occur when booking flights; you want to book with your favorite airline only to find that there is no availability.

Faced with this scenario, we naturally attribute the lack of availability of not being quick enough to place our orders. In reality, behind this unusual and unfair activity lies an army of bots – spinner bots – programmed to target events and flights and hoard tickets to purposefully drive up prices.

Throughout this blog, we discuss spinner bots in a detail: what are spinner bots, why are spinner bots a threat to businesses and how can we stop them their tracks?

What are spinner bots?

Given the name, you can be forgiven for thinking that “spinner bots” sound innocuous. However, they’re problematic for a range of businesses if left unchecked.

A bot is essentially an automated set of processes applied into a single program or “bot” that carries out processes on the creator’s behalf. Spinner bots are designed to target specific web applications. Items are added to a basket and “spun”, ensuring they’re held until the bot creator decides to complete the checkout process. Alternatively, they will hold the items for a sustained period to prevent real customers from purchasing the item.

Why are spinner bots a threat to businesses?

Spinner bots typically target stock on retail, ticketing and airline platforms via their website and/or mobile app to make inventory appear sold out, or to hoard inventory and “spin” the basket with a view to resell it elsewhere for a profit. While the basket is “spinning,” the basket is prevented from timing out and the stock is held until the bot creator deems it necessary. The bot creator may have a range of objectives, including:

• Re-listing the item on a third-party site for a profit: The bot creator will only complete the purchase when their re-listing is sold
• Stopping real customers from purchasing items: Deliberately holding items to make them look unavailable

Are spinner bots illegal?

Under the 2018 change to legislation, the use of spinner bots is illegal and any group or individual caught using spinner bots could now face an unlimited fine.

How to stop spinner bots with Netacea

Bot creators are continually revising their tactics, techniques and procedures (TTPs) to simulate real user activity on your platform.

Rather than attempting to keep up with the arms race and firefighting the problem with legacy approaches, such as static rule sets or challenge-response techniques, companies should look to a specialist bot management vendor to determine the legitimacy of their visitors. Being able to differentiate between real and fake customers is key to responding to this threat.

By taking an analytical rather than a deterministic approach, security teams are fundamentally evaluating a different set of criteria instead of attempting to prove the legitimacy of a visitor. This arms the relevant teams with better, more prescriptive intelligence and allows for a robust response.

Talk to Netacea about our smarter approach to bot management today. Intent Analytics™ powered by machine learning quickly and accurately distinguishes bots from humans to protect websites, mobile apps and APIs from automated threats while prioritizing genuine users.