Black Friday Checklist for Bot Attacks

07/11/24


    It’s November and Black Friday is upon us once again. Retailers have spent months planning every aspect of peak trade campaigns.

    But bot operators have been equally busy plotting attacks such as scraping, scalping and credential stuffing. How have your preparations stacked up against those of threat actors and fraudsters?

    August – September

    In the summer months, retailers review last year’s Black Friday campaign performance and the trends in the market since that time. This is also the time for retailers to clean up send lists and test messaging on a small segment of their audience, so they can be ready to launch in the autumn months.

    Meanwhile attackers are ensuring their bots are up to date and have all the associated resources in place, like fresh accounts and proxy lists. See the BLADE Framework for more details on the resource development stage of bot attacks.

    Retailers

    Data hygiene and testing:

    • Review last year’s Black Friday campaign
    • Clean send list of duplicates and spam
    • A/B test subject lines, send times, forms and automated flows
    • Test messaging on unengaged audience segments
    • Set dates for promotion duration, sends and reminders

    Attackers

    Resource development:

    • Create fake accounts in bulk to speed up automated checkouts on Black Friday
    • Buy or rent proxies to disguise bot traffic and bypass defenses
    • Develop, rent or buy bots required to execute automated attacks
    • Acquire list of leaked credentials from data dumps to test on other sites

    October

    A month out from Black Friday, retailers need to decide on their campaign structure and set their campaigns up to succeed. This means coordinating stock levels and merchandising with ad spend and PR activity.

    Attackers are also setting up their offensive strategies at this stage, configuring their bots to target specific sites and products for maximum impact once sales go live, all part of their pre-attack reconnaissance.

    Retailers

    Campaign planning and setup:

    • Determine Black Friday offers based on inventory, competitor intelligence and trends
    • Shift overstocked items and old inventory with email promotions
    • Refocus and ramp up paid advertising budgets and bids
    • PR to make retail publications and blogs aware of your best deals

    Attackers

    Reconnaissance:

    • Web scraping to get baseline prices, detect unlisted product pages, track pricing changes and errors
    • Choose retailers and products to target based on profitability analysis
    • Configure bots or modules to target these and bypass any defenses detected
    • Acquire credential stuffing configs to attack specific websites likely to be busy during Black Friday

    November

    The time has arrived! Black Friday isn’t just a day anymore, with many businesses spreading the event across the whole of November. This alleviates stresses on web infrastructures that in previous years had a nasty habit of being crushed under the weight of sudden traffic spikes come Black Friday itself.

    Still, retailers need to closely monitor the event, executing the campaign as planned across the website, emails, social media, adverts and PR, and ensuring all sites and apps operate smoothly.

    The extended sale period also plays into the hands of attackers, who use heavy automation to snatch items as they become available. They also use the peaky seasonality of customer traffic to hide other attacks like carding and account takeover.

    Retailers

    Black Friday sales go live:

    • Send early access discount codes to email lists
    • Publish gift guide content organically and on paid social
    • Email + social campaign counting down to deals going live
    • Retarget 90-day audience with adverts highlighting offers on related products
    • Refresh cart abandonment automation messaging with Black Friday deals

    Attackers

    Attack execution on Black Friday sales:

    • Automate checkout of low availability items
    • Automate relisting of items on secondary markets
    • Automate checkout of heavily discounted or mistakenly free items
    • Credential stuffing hidden within seasonal traffic patterns to take over accounts and steal personal/financial information

    December

    Although Black Friday is done with for another year, peak trade season is only just beginning. Retailers can use performance data to adjust their strategies for the coming month and pass these learnings on to prepare for next year.

    This is also where attackers reap what they sowed in November. They sell the discounted items they scalped on secondary markets at full price, and often show off their successes on social media or underground forums to sell their tools and expertise to others.

    Retailers

    Review of Black Friday performance:

    • Review KPIs and report back to the team
    • Adjust strategy leading into rest of holiday season
    • Make recommendations for next year’s event

    Attackers

    Post attack on Black Friday sales:

    • Relist heavily discounted items at or close to RRP on secondary markets
    • Boast about successful purchases in online forums and sell tools and skills to other users for rest of peak trade season

    What Are Attackers Saying About Your Brand and Black Friday?

    While retailers are acutely aware of the increased risk of bot attacks at this time of year, procuring new tools amid Black Friday season might not be a realistic prospect. But what you can do is find out what attack groups are saying about your brand and get intelligence on how your defenses are holding up.

    Book a call with the Netacea Threat Intel Center and we’ll get to work on a Black Friday Threat Report, exposing the groups targeting your business and how successful they’ve been.
