This year's kickoff to the holiday shopping season with Black Friday (and Small Business Saturday, and Cyber Monday) was different from Black Fridays in years past. With COVID-19 preventing many would-be shoppers from making the trip to brick-and-mortar locations, digital retailers are hoping that online shopping will make up the gap this holiday season.
But there's a different market springing up alongside authentic holiday shopping: cybercriminals and bad actors looking to take advantage of both consumers' and retailers' investments in holiday campaigns. And this year, fraudsters will capitalize on switching-to-online shoppers who may be unfamiliar with cybersecurity best practices. Those shoppers might reuse simple passwords from one site to the next, be quick to click on links in phishing emails, and be more tempted to download apps that give fraudsters access to their data. Armed with easy access to a bustling dark market of stolen user credentials and data, fraudsters can make a payday of the holiday season, and it's real consumers and retailers who may be left holding the bag.
Deloitte projected that online holiday spending could jump as much as 25-35% this year. With a new population of inexperienced online shoppers, every dollar spent on Black Friday and holiday shopping marketing will need to work twice as hard to make the season successful for retailers. The margin for error is minuscule.
Sophisticated bots—the preferred automation tool of cybercriminals and bad actors—have posed a threat to retailers' efforts for some time, but with such a hyper-competitive atmosphere this year, those bots can wreak even more havoc than usual. Here are five ways that sophisticated bots can turn your 2020 Black Friday and holiday marketing into a #BotFriday holiday disaster:
- Bots can snatch up your inventory and resell it at a markup. Inventory fraud is what it sounds like: fraudsters toying with your inventory levels, either by selecting items and leaving them in a cart or by purchasing limited-edition items simply to immediately resell them on a third-party market. This isn't a new frustration for most retailers with an e-commerce presence, but it's one that bots are uniquely positioned to carry out.
- Bots can take over user accounts and make fraudulent purchases. When it comes to Black Friday deals and incentives, cybercriminals will likely target folks who are doing the bulk of their shopping online for the first time. A fraudster buys a list of stolen or hacked usernames/emails and passwords from the black market, and then they set bots to trying those credential combos on websites to see which ones will work. Once inside, the fraudster can make purchases using the victim's saved credit card information (or harvest the credit cards for resale on the black market). With new data breaches making the news seemingly every other week, the market for stolen credentials is deep, and the opportunity for fraudsters is immense.
- Bots can steal marketing budgets just by filling out web forms. It's not just inventory and users' data and purchasing power that can be victimized by sophisticated bots; the marketing department can also take a hit. Bots can live on the devices that people use every day without them being aware of it, and they can collect an individual's browsing history, click on paid ads and search results, fill out forms, and reap rewards for referring a "friend" (which may also be a bot), all in the background of someone's phone.
- Bots can siphon your marketing and infrastructure budgets as you pay to store and retarget contacts. Retailers with robust retargeting systems will spend good money trying to get back in front of potential customers...who aren't real. From retargeting and lookalike audience building to email marketing and social media campaigns, staying in touch with consumers who engage with campaigns is a tactic that fraudsters don't hesitate to also take advantage of. With recent White Ops data showing that less than half of digital marketers regularly scrub their data of fake contacts, many marketers are investing to engage with audiences who aren't real. Also, you shouldn't ignore the costs of managing fake data as part of your CRM/DMP/CDP, in addition to the load of fake traffic and engagement on your web infrastructure.
- Bots can harm your reputation and create regulatory compliance risks. When bots beat humans to the punch in a matter of seconds, it can erode confidence in a retailer's brand. And beyond frustrating authentic consumers left sidelined without a fair chance to grab the latest merch or discount, retailers will increasingly need to contend with costly compliance infractions for communicating with consumers who didn't actually opt-in due to regulations like GDPR and CCPA. Those data breaches that the fraudsters harvest? In addition to being used to try and break into legitimate user accounts, they can also be used for creating a ton of fake accounts with real email addresses that don't correspond to actual consumers. Bot-driven fake accounts can pose a substantial and costly compliance risk.
In June of this year, retail websites generated almost 22 billion visits. With this year's Black Friday and holiday shopping season, and with so much uncertainty around how shoppers will respond, there's a huge opportunity for sophisticated bots to swoop in and turn your holiday season plans into a lump of coal. Check out our report on the specific fraud threats posed to retail and e-commerce brands this year.