Websites Infected with Card-Skimming JavaScript Fail to Respond to Warnings
Last updated July 6, 2021
Online shopping is going through a highly problematic period, with bots grabbing the most sought-after products and leaving large numbers of customers perplexed and disappointed. Bots aren’t a new thing. However, in 2020, the problem has exploded.
Sony, Nvidia, Microsoft, and AMD failed spectacularly in managing the problem. A story by White Ops dives deeper into how fraudsters use bots to perform inventory hoarding and how they manage to actually make money out of this process.
First, fraudsters deploy an army of bots that are programmed to create hundreds of unique accounts and prepare for the target product's launch. When the sale begins, the bots log into the accounts and snatch up as many products as possible. These products are then resold on third-party markets at prices far above the original, sometimes even ten times higher.
Secondly, the fraudsters incorporate ads on their reselling websites, so they make money from user clicks and impressions as well. In many cases, they go as far as setting bots to click on these ads, attempting to trick advertisers into paying them for fake engagement.
Thirdly, hackers buy lists of leaked credentials from dark web markets and proceed to take over the accounts of people registered on popular and legitimate marketplaces. They then use these accounts to make purchases using stolen credit card information or refer “friends” to reap the rewards.
Finally, these actors make money by causing data protection compliance and regulatory problems for the marketplaces, harming the retailer’s brand image, and frustrating customers, who quickly abandon their efforts there and look elsewhere. Creating this negative situation can lay the groundwork for extortion, which they often carry out.
So, all in all, the upcoming Black Friday and Cyber Monday are under threat from bot swarms and the fraudsters who pull their strings. One key way to render these attacks obsolete is to identify and flag fake ad clicks and bot impressions as fraudulent. Considering that this is the biggest source of income for the hackers, taking it away would make their operations impractical.