‘Bad Bot’ attacks threaten holiday shopping season, gaming console sales

Online threats to consumers will rise this month as shopping picks up, a new report says. 

 Security threats from “bad bots” will likely spike in November as consumers flock to online shopping events, notably Black Friday and Cyber Monday, a new report from cybersecurity firm Imperva says. 

A quarter of online retail traffic is bad bots and over half (57%) of all attacks recorded on retail websites were carried out by bots in 2021, according to Imperva’s “State of Security Within eCommerce 2021” report. 


A person dressed as an internet hacker is seen with binary code displayed on a laptop screen in this illustration photo taken in Krakow, Poland in August. Recently, attacks from bad bots have threatened holiday shopping. (Jakub Porzycki/NurPhoto via Getty Images / Getty Images)

Bad bots are responsible for a variety of automated threats including illegal price scraping, inventory fraud, account takeovers, credit card fraud, gift card abuse, and “Grinchbots” – which snap up popular goods to increase demand. 

“As demonstrated last holiday season, bots took advantage of scant supplies and created frustration for consumers globally,” Imperva said. 

Imperva Research Labs recorded a massive 788% increase in bad bot traffic to retail websites globally between September and October 2020, just as preorders for next generation gaming consoles were launched.  

“Good marketing campaigns don’t just attract customers, they attract bots, too,” Imperva said. 

The most salient example of this is last year’s launch of the new generation of gaming consoles and GPUs (graphics processing units). 

“Almost all stock was immediately purchased by bots,” according to the report.  

And the dearth of semiconductor chips makes this worse. 


“This, combined with other factors, made bad bots aggressively target the gaming hardware market in the second half of 2020 and throughout the holiday season,” according to Imperva. 

“The bad news for retailers and consumers alike is that this shortage is predicted to last well into 2022. That means getting a new gaming console or a GPU this holiday season is once again predicted to be an almost impossible task made harder by the increase in bad bot attacks.” 

Another thing for consumers to watch out for is launch dates. When a retailer announces a date and time for a popular product or a limited availability item, bots will be there first, Imperva said. 

 But the most damaging of all attacks is account takeover, Imperva said. 

The global pandemic has meant more online user accounts, attracting bad actors looking to take over accounts, according to Imperva.  

A woman in a face mask passes the turnstiles to enter a station the Novosibirsk Metro. The COVID-19 pandemic has led to an increase in online shopping which has led bad actors to try to take over accounts. ( Kirill KukhmarTASS via Getty Images / Getty Images)


“Put simply, account takeover is identity theft. Retail websites are an extremely lucrative target for these bad actors: saved credit card information, gift card balances, loyalty points, and other customer benefits are the main incentives.” 

A third of all login attempts on eCommerce websites have been account takeover attempts, the report said.