Black Friday Checklist for Bot Attacks

07/11/24

It’s November and Black Friday is upon us once again. Retailers have spent months planning every aspect of peak trade campaigns.

But bot operators have been equally busy plotting attacks such as scraping, scalping and credential stuffing. How have your preparations stacked up against those of threat actors and fraudsters?

August – September

In the summer months, retailers review last year’s Black Friday campaign performance and the trends in the market since that time. This is also the time for retailers to clean up send lists and test messaging on a small segment of their audience, so they can be ready to launch in the autumn months.

Meanwhile attackers are ensuring their bots are up to date and have all the associated resources in place, like fresh accounts and proxy lists. See the BLADE Framework for more details on the resource development stage of bot attacks.

Retailers

Data hygiene and testing:

  • Review last year’s Black Friday campaign
  • Clean send list of duplicates and spam
  • A/B test subject lines, send times, forms and automated flows
  • Test messaging on unengaged audience segments
  • Set dates for promotion duration, sends and reminders

Attackers

Resource development:

  • Create fake accounts in bulk to speed up automated checkouts on Black Friday
  • Buy or rent proxies to disguise bot traffic and bypass defenses
  • Develop, rent or buy bots required to execute automated attacks
  • Acquire list of leaked credentials from data dumps to test on other sites

October

A month out from Black Friday, retailers need to decide on their campaign structure and set their campaigns up to succeed. This means coordinating stock levels and merchandising with ad spend and PR activity.

Attackers are also setting up their offensive strategies at this stage, configuring their bots to target specific sites and products for maximum impact once sales go live, all part of their pre-attack reconnaissance.

Retailers

Campaign planning and setup:

  • Determine Black Friday offers based on inventory, competitor intelligence and trends
  • Shift overstocked items and old inventory with email promotions
  • Refocus and ramp up paid advertising budgets and bids
  • PR to make retail publications and blogs aware of your best deals

Attackers

Reconnaissance:

  • Web scraping to get baseline prices, detect unlisted product pages, track pricing changes and errors
  • Choose retailers and products to target based on profitability analysis
  • Configure bot modules to target these and bypass any defenses detected
  • Acquire credential stuffing configs to attack specific websites likely to be busy during Black Friday

November

The time has arrived! Black Friday isn’t just a day anymore, with many businesses spreading the event across the whole of November. This alleviates stresses on web infrastructures that in previous years had a nasty habit of being crushed under the weight of sudden traffic spikes come Black Friday itself.

Still, retailers need to closely monitor the event, executing the campaign as planned with activity across the website, emails, social media and adverts, as well as PR and ensuring all sites and apps operate smoothly.

The extended sale period also plays into the hands of attackers, who use heavy automation to snatch items as they become available. They also use the peaky seasonality of customer traffic to hide other attacks like carding and account takeover.

Retailers

Black Friday sales go live:

  • Send early access discount codes to email lists
  • Publish gift guide content organically and on paid social
  • Email + social campaign counting down to deals going live
  • Retarget 90-day audience with adverts highlighting offers on related products
  • Refresh cart abandonment automation messaging with Black Friday deals

Attackers

Attack execution on Black Friday sales:

  • Automate checkout of low availability items
  • Automate relisting of items on secondary markets
  • Automate checkout of heavily discounted or mistakenly free items
  • Credential stuffing hidden within seasonal traffic patterns to take over accounts and steal personal/financial information
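
The last item above is the hardest to see in peak-season dashboards, because a site-wide failed-login rate barely moves when a few automated clients are buried in shopper traffic. The following detection sketch is an added example, not part of the original article or any Netacea product: it groups login events by client and flags clients that try many distinct accounts and mostly fail. The event format, the `client` key, the thresholds and the sample data are all constructed assumptions.

```python
from collections import defaultdict

def site_failure_ratio(events):
    """Share of all login attempts that failed (the site-wide view)."""
    return sum(1 for _, _, ok in events if not ok) / len(events)

def flag_stuffing_clients(events, min_accounts=5, min_fail_ratio=0.8):
    """Return clients that tried many distinct accounts and mostly failed.

    events: iterable of (client, username, success) tuples. `client` is an
    assumed key: a source IP, or a device/TLS fingerprint if proxies rotate IPs.
    """
    accounts = defaultdict(set)
    attempts = defaultdict(int)
    failures = defaultdict(int)
    for client, user, ok in events:
        accounts[client].add(user)
        attempts[client] += 1
        failures[client] += 0 if ok else 1
    return sorted(
        c for c in attempts
        if len(accounts[c]) >= min_accounts
        and failures[c] / attempts[c] >= min_fail_ratio
    )

def build_sample_events():
    """Constructed peak-day sample: 4000 shoppers plus two stuffing clients."""
    events = []
    for i in range(4000):
        client, user = f"shopper-{i}", f"user{i}"
        if i % 10 == 0:               # 1 in 10 shoppers mistypes once
            events.append((client, user, False))
        events.append((client, user, True))
    for bot in ("bot-a", "bot-b"):
        for n in range(20):           # 20 leaked credential pairs each
            ok = (n == 7)             # one reused password works
            events.append((bot, f"leaked-{bot}-{n}", ok))
    return events

if __name__ == "__main__":
    sample = build_sample_events()
    print(f"site-wide failure ratio: {site_failure_ratio(sample):.2%}")
    print("flagged clients:", flag_stuffing_clients(sample))
```

In the constructed sample the site-wide failure ratio stays under 10%, close to what shopper typos alone produce, while the per-client view isolates both stuffing clients.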

December

Although Black Friday is done with for another year, peak trade season is only just beginning. Retailers can use performance data to adjust their strategies for the coming month and pass these learnings on to prepare for next year.

This is also where attackers reap what they sowed in November. They sell the discounted items they scalped on secondary markets at full price, and often show off their successes on social media or underground forums to sell their tools and expertise to others.

Retailers

Review of Black Friday performance:

  • Review KPIs and report back to the team
  • Adjust strategy leading into rest of holiday season
  • Make recommendations for next year’s event

Attackers

Post attack on Black Friday sales:

  • Relist heavily discounted items at or close to RRP on secondary markets
  • Boast about successful purchases in online forums and sell tools and skills to other users for rest of peak trade season

What Are Attackers Saying About Your Brand and Black Friday?

While retailers are acutely aware of the increased risk of bot attacks at this time of year, procuring new tools amid Black Friday season might not be a realistic prospect. But what you can do is find out what attack groups are saying about your brand and get intelligence on how your defenses are holding up.

Book a call with the Netacea Threat Intel Center and we’ll get to work on a Black Friday Threat Report, exposing the groups targeting your business and how successful they’ve been.

Block Bots Effortlessly with Netacea

Book a demo and see how Netacea autonomously prevents sophisticated automated attacks.