As we approach Black Friday 2024, e-commerce retailers are bracing for what promises to be one of the biggest online shopping events of the year. However, beneath the surface of anticipated record-breaking sales during this holiday shopping season lies a growing threat that threatens the success of these sales: the increasing sophistication and impact of bad bots. Our analysis of bot attacks across some of our biggest e-commerce customers reveals concerning patterns that every e-commerce organization should be aware of, leading up to the high-stakes holiday sales season.
Disruption of Pricing & Competitive Strategy
The battle for competitive advantage during Black Friday has taken an automated turn with the usage of sophisticated bots. Bot operators and competitors use advanced bots that can continuously scrape data and feed back into them in real-time, enabling instant reactive adjustments to their marketing promotions, product mix, or pricing strategy.
Our data from traffic insights on a major e-commerce customer tells a compelling story: in the weeks leading up to Black Friday, we detected over 1 billion price scraping attempts through a period of 30 days, at an average of over 45 million daily attempts, with the potential to not just strain infrastructure but also to undermine the competitive advantage of e-retailers.
Content scraping is another concerning attack vector in which modern bots continuously keep track of competitor’s product data, descriptions, SEO strategies, and customer reviews to gain real-time visibility and manipulate search engine rankings. For a major e-retailer we recorded a significant spike in content scraping attempts during the three-day equivalent of their Black Friday sale this year, capturing over 86 million scraping attempts, averaging almost 30 million daily compared to the 4 million attempts on other days.
Performance Degradation and Poor User Experience
The impact of bot traffic on website performance presents a critical challenge during Black Friday. During such high-traffic sales events it can lead to poor user experience, decreased conversion rates, and substantial revenue losses for major e-retailers, with even seconds of delay resulting in abandoned carts and lost sales. Beyond the revenue concerns, the surge in these ATO attempts also translates directly into degraded user experience and losses for genuine customers, with successful ATO attempts leading to unauthorized purchases, theft of personal and financial information, and abuse of digital wallets. Our analysis of traffic to a leading online retailer revealed a consistently high number of account takeovers being attempted, with around 95 million malicious login attempts detected over a period of 30 days.
Such large-scale automated attacks if unchecked, could create artificial traffic surges that can slow page load times and impact checkout processes during the high-stakes Black Friday sale days – when performance matters most.
Inventory Planning Disruption
The disruption of inventory planning represents perhaps the most complex challenge posed by bad bots, with the potential of far-reaching consequences much beyond the online shopping experience. During last year's Black Friday, we detected a 6x spike in cart abandonment attempts at a major e-commerce retailer when compared to regular days.
Such cart abandonment and inventory hoarding attempts could create a cascade of operational challenges. Bots typically target high-demand items, placing them in carts within milliseconds of availability. This artificial demand skews inventory algorithms, triggering premature restock orders and disrupting carefully planned supply chains. This manipulation affects everything from warehouse operations to shipping logistics, creating ripple effects that extend well beyond the sales period.
Financial Losses
The financial impact of bot attacks extends far beyond direct revenue losses due to lost sales. Infrastructure costs spike from handling inflated bot traffic. Customer service resources are strained handling bot-related issues, with support tickets related to account security and purchase problems. Our monitoring of a major e-commerce retailer shows an alarming trend: fake account registration attempts have been steadily increasing leading up to this year’s Black Friday, with more than 520,000 instances recorded over a period of 30 days. These fake accounts could have potentially served as launching points for multiple forms of fraud and abuse.
Opportunity costs is another major issue. When bots create artificial scarcity by adding products to a cart and then abandoning them, genuine customers are forced to look elsewhere. In the time-critical period of flash sales during Black Friday, many customers would immediately switch to competing retailers, without returning to complete their original purchase even if inventory is released later.
Loss of Customer Trust and Brand Reputation
The foundation of e-commerce success is dependent on customers’ trust in transacting online. Carding attacks strike at this core belief, using bots to attempt fraud payment transactions and validate stolen credit card information. During last year’s Black Friday, we detected over 150,000 carding attack attempts in just a span of 3 hours at a major e-commerce retailer.
These attacks can potentially create a complex web of consequences beyond immediate fraud concerns. Failed payment attempts from carding attacks lead to legitimate transactions being flagged as suspicious, creating friction for genuine customers. The scale of these attacks forces implementation of stricter security measures, potentially complicating the customer journey. Also, the reputational damage from these attacks can persist long after the sales event. Customers who experience fraud-related issues are less likely to return for future sales events, creating a long-term impact on customer lifetime value.
Need for Advanced Bot Protection: Much Beyond Just Security
The success of Black Friday sales increasingly depends not just on having the right products and prices, attracting the right audience and bringing in traffic, but on ensuring that your platform is protected against the malicious threats that seek to disrupt it. As we approach Black Friday 2024, the message is clear: bot protection isn’t just about security – it’s about protecting revenue, maintaining competitive advantage, and ensuring customer trust. As bot attacks continue to evolve becoming more aggressive, persistent, and sophisticated, e-commerce organizations require a comprehensive approach to detection and mitigation.
Our Black Friday Bot Threat Report dives deeper into the major bot attack types targeting e-retailers, the emerging bot threats leading up to Black Friday 2024, and our recommendations for e-commerce organizations to ensure that their Black Friday and holiday season sales remain both profitable and secure. Click here to read more.