Fake registrations by bad bots involve the automated creation of false accounts or registrations on digital platforms. These bots, designed by cybercriminals, mimic human behavior to exploit vulnerabilities in registration processes. By inputting fictitious or stolen identity information, these accounts appear legitimate but serve malicious purposes. Bad bots execute these actions to spam platforms, harvest sensitive data, or engage in other fraudulent activities, jeopardizing the integrity of online spaces and compromising user security. This menace not only undermines the credibility of digital platforms but also poses significant threats to businesses and users.
Monetary Gains by Using Bad Bots
One of the interesting use cases that we have is of a F&B customer of Radware that had a recent Sweepstake contest for their customers. Participants just had to fill in a separate promotional webpage form detailing their information and submit it. 30 randomly selected participants will be awarded $500 cash and one month’s supply of the company’s best-selling product in the form of coupons. However, opportunists took the chance to gain more by doing less.
They employed bots to fill in the entries with fake registrations to increase their chances of winning. So much so that there were more than 490 bad bot hits on their platform with 145,000 fake registrations identified just within a week.

Figure 1: Bad bot hits recorded on the retailer’s promotional webpage.
Of the 380,000 entries, more than 125,000 were fake entries made by bad bots. Which means that around 34% of their entries were done by bad bots.

Figure 2: Comparison between genuine and fake registrations on the retailer’s portal.
The issue of bad bots filling fake registrations for winning contests holds significant implications due to its prevalence and the substantial harm it can inflict on businesses and individuals alike:
- Rampant Contest Manipulation: Manipulation by bots distorts the fairness and authenticity of such competitions, misleading organizers and affecting genuine participants' chances of winning.
- Widespread Impact: Organizers across these sectors face an ongoing battle against automated entries that skew results and compromise the integrity of their contests.
- Loss of Credibility and Trust: Authentic participants might question the fairness of the contests, impacting their trust in the brand or platform.
- Financial Losses and Resource Drain: Companies might allocate resources for prizes, marketing, or event planning, only to have the results invalidated by bot-driven fake registrations.
- Diminished User Engagement and Participation: Decreased user engagement and participation can impact the success of future promotions or campaigns, affecting businesses' marketing strategies.
How Does Fake Registration Take Place:

Figure 3: How fake registration takes place
Malicious bots, equipped with automated scripts, infiltrate registration forms on websites or apps, manipulating these forms by filling in fields with randomly generated or predefined information. In our customer’s case where bots were used to fill the form, the scripts would click on “Enter Now” which would create a new registration with encrypted values. The script then refreshed the same webpage or opened the webpage in a new tab to submit the request again creating a new set of submitted encrypted values that would be recognized as legal submissions for the contest.

Figure 4: Fake registrations identified on retailer’s portal
The image vividly illustrates the impact of automated scripts running simultaneously, initiating multiple browser instances in their initial hit, and orchestrating a multitude of contest registrations. What's striking is the staggering volume of activity stemming from a single IP address within a mere week: over 80,000 bot-driven interactions occurred, resulting in a staggering 35,000 successful unique registrations.
The consequences of such rampant bot usage extend far beyond mere numbers. For authentic participants, this inundation of bot-driven registrations dramatically skews the fairness of contests or promotions. The chances of genuine entrants winning prizes or securing coveted spots are significantly diminished in the face of this automated onslaught.
How Can Bot Manager Help to Curb Fake Registrations:
A Bot Manager plays a crucial role in curbing fake registrations by employing sophisticated technologies and strategies specifically designed to detect and prevent bot-driven activities. Here's how Radware Bot Manager can help mitigate fake registrations:
- Intent-Based Deep Behavioral Analysis:
Radware utilizes Intent-based Deep Behavioral Analysis (IDBA) to distinguish human-like interactions from sophisticated bot activity. IDBA detects advanced bots with human-like interactions, significantly reducing false positives in identifying fake registrations. - Handling Bot Traffic in Multiple Ways:
Radware Bot Manager allows custom actions based on bot types, such as showing challenges like CAPTCHAs to suspected non-human traffic. Challenges and custom actions disrupt automated attempts, preventing fake registrations by bots targeting web properties. - Transparent Reporting and Comprehensive Analytics:
The Bot Manager provides granular classification of bot types and comprehensive analytics, aiding in efficient management of non-human traffic offering clear insights into bot intent, aiding in the identification and management of fake registrations on internet properties.
- Widest Mitigation Options:
Radware’s various mitigation options include Crypto Challenge and CAPTCHA-less mitigation with Blockchain-based Cryptographic Proof of Work. This innovative mitigation method creates CPU-intensive browser-based challenges against anomalies in user behavior and stops sophisticated bot attacks without impacting customer experience. - Mobile Application Protection Capabilities:
Radware’s integrated device authentication and secure identity to protect mobile apps against bot attacks enhancing mobile app security, ensuring only genuine devices access resources, and stopping bot attacks on mobile apps.