Automated bots are increasingly sophisticated in their methods of hijacking e-commerce sites, an industry insider has warned.
Speaking at the Internet Retailing Conference, Sean Bennett, director of consumer markets at cybersecurity firm Shape Security, warned that cyber criminals have become so effective at disguising automated bots as real shoppers that some 63 per cent of visits and impressions recorded by targeted sites are fake, rising to 93 per cent of log-ons.
Cybercriminals use bots to impersonate human shoppers in order to take over accounts, defraud customers and scrape data from the site to gain a financial and commercial advantage.
“The game has developed to such a point that this traffic is looking like real users,” he said, explaining that artificial intelligence means that ‘fake visitors’ are now able to mimic the online activity of a real shopper.
“We’re seeing key presses, we’re seeing mouse movements, we’re seeing human-like interaction and it’s very difficult with existing controls to identify that accurately and to make the right judgements.”
While some bad actors may deploy fake visitors to scope out the analytics of a rival retailer or potential acquisition target, others may have more nefarious or fraudulent intentions.
Bennett explained: “The first key motive is around stealing data, getting in and grabbing pricing details, getting inventory numbers so they can maybe compete better, get some analysis on which retailer is best to invest in or which is potentially an acquisition target, or just purposefully to screw metrics, to get in and misdirect the marketing teams and the budget to a different area.”
Hackers are now able to scrape data and interfaces from entire websites in order to set up zombie sites as part of a fraud, he said.
“Increasingly we’re seeing whole sites scraped and set up as a direct copy of the brand site in jurisdictions where the brand can’t directly operate. And that third party takes that customer relationship, and at that point you can’t control them, engage with them and at that point you lose the customer, not to mention the legal ramifications.”
Criminals taking over customer logins and stealing credit balances is also a “clear and present danger” from hackers, Bennett warned.
He also noted that automated bots can be trained on customer baskets in order to exhaust a retailer’s inventory, leading to website paralysis and stock levels drying up, with a potentially huge impact for customers and companies.
“In many retailers that we work with stock is held as soon as it’s in cart. So if the bad actors are accessing the sites and adding things in and they’re trying to check stock levels, what they will do is through many fake accounts that they’ve set up… they will try to push the business by seeing how many carts they can fill up before the inventory is exhausted.
“They use that data in many ways. Some to effectively extort the merchants in other ways just to collect data but it’s preventing real customers from buying.”