Holiday Bot Trends: Black Friday and Cyber Monday

The five days from Thanksgiving to Cyber Monday are one of the biggest shopping periods of the year. Consumers spent $35.3 billion this year, $1.4 billion more than in 2021. And that means that HUMAN protected even more e-commerce revenue from bad bots.

As with any major online shopping event, e-commerce businesses saw an influx of not only legitimate human buyers, but also automated bots. Cybercriminals target major sales events to launch digital attacks in an attempt to make fraudulent purchases and steal personal data.

The Satori Threat Intelligence and Research team witnesses firsthand the bot and human activity that takes place during Cyber Week. This year, we saw that cybercriminals launched early attacks in advance of Black Friday and Cyber Monday, which sometimes exceeded attacks during the sales themselves.

Holiday Season Web Traffic

In the past, overall traffic remained steady throughout November and spiked on Black Friday and Cyber Monday. This has changed in recent years. As online businesses host earlier and earlier sales, consumer traffic has become more dispersed throughout the month of November. 

Traffic started to increase steadily around mid-October this year (marked by the blue dot on the following graph), corresponding to the early start of the holiday shopping season. However, traffic more than doubled on Black Friday and peaked again on Cyber Monday (the two red dots on the graph).

Fig. 1 - Web traffic to e-commerce sites over last 90 days

Account Takeover Attacks

We saw a steady increase in malicious login attempts starting in September, with a sharp peak in mid-October. Malicious login attempts accounted for more than 30% of login attempts, up from 15% in September. Attackers were likely trying to amass a large number of stolen accounts in advance of the holiday shopping season so they could sell them on the dark web right before Cyber Week.

Fig. 2 - Malicious login attempts against e-commerce sites over the last 90 days 

Cybercriminals can use compromised accounts to make fraudulent purchases with stored payment data during holiday sales. This corresponds to the peaks in malicious login attempts that occurred on Black Friday and Cyber Monday, when attackers tried to use the stolen accounts.

Fig. 3 - Percent malicious login attempts out of total login attempts against e-commerce sites over the last 90 days

Looking at malicious login attempts against total login attempts shows just how common these types of attacks are. The fact that the percentage remained steady means that malicious attempts kept pace with the increase in total traffic. The only sharp decrease occurred on Cyber Monday, likely because legitimate traffic surged that day.

Carding Attacks

Carding attacks using both credit cards and gift cards had a few clear peak periods. The first wave occurred in early November, when the percentage of malicious attacks out of total attacks rose 350%. During this period, attackers made “dummy purchases,” low-value transactions of random items, to determine if stolen credit card and gift card numbers were valid. 

Fig. 4 - Carding attacks against e-commerce sites over the last 90 days
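
One way a site operator could surface the "dummy purchase" pattern described above, added here as an example and not HUMAN's detection logic: flag any client that tries many distinct cards on low-value checkouts within a short window. The event fields, thresholds, client and card names, and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds (not from the article); tune them against your own baseline.
LOW_VALUE = 5.00                # order total at or below this counts as a dummy purchase
WINDOW = timedelta(minutes=10)  # sliding window per client
MAX_CARDS = 3                   # distinct cards tolerated per client per window

def at(hhmm):
    """Build a timestamp on a constructed sample day."""
    return datetime.strptime("2022-11-03 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed checkout events: (timestamp, client_id, card_token, order_total)
SAMPLE_EVENTS = [
    (at("09:00"), "c-bot", "tok_a", 1.00),       # many cards, tiny orders, minutes apart
    (at("09:01"), "c-bot", "tok_b", 1.49),
    (at("09:02"), "c-bot", "tok_c", 2.10),
    (at("09:03"), "c-bot", "tok_d", 0.99),
    (at("09:04"), "c-bot", "tok_e", 1.25),
    (at("09:00"), "c-shopper", "tok_s", 3.50),   # one card reused: normal behaviour
    (at("09:05"), "c-shopper", "tok_s", 4.00),
    (at("09:06"), "c-shopper", "tok_s", 129.99),
    (at("08:00"), "c-slow", "tok_1", 2.00),      # several cards, but hours apart
    (at("10:00"), "c-slow", "tok_2", 2.00),
    (at("12:00"), "c-slow", "tok_3", 2.00),
    (at("14:00"), "c-slow", "tok_4", 2.00),
]

def find_card_testing(events, low_value=LOW_VALUE, window=WINDOW, max_cards=MAX_CARDS):
    """Return {client_id: timestamp at which the client first exceeded max_cards
    distinct cards on low-value checkouts inside one sliding window}."""
    recent = defaultdict(deque)  # client -> (timestamp, card) of low-value attempts
    flagged = {}
    for ts, client, card, amount in sorted(events):
        if amount > low_value:
            continue             # only low-value orders fit the dummy-purchase pattern
        q = recent[client]
        q.append((ts, card))
        while q and ts - q[0][0] > window:
            q.popleft()          # drop attempts that fell out of the window
        if client not in flagged and len({c for _, c in q}) > max_cards:
            flagged[client] = ts
    return flagged

if __name__ == "__main__":
    for client, when in find_card_testing(SAMPLE_EVENTS).items():
        print(f"{client}: possible card testing at {when:%H:%M}")
```

A short window keeps slow, low-volume testing below the threshold, so widening `window` trades more coverage for more false positives on shared clients.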

A second set of spikes happened during Cyber Week when the cards were used during the sales themselves. However, a similarly large increase in legitimate purchase requests meant that the percent of malicious carding attacks remained stable.

Fig. 5 - Percent checkout attempts out of total checkout attempts against e-commerce sites over the last 30 days

We also saw a 900% increase in carding attacks on the days following Cyber Monday. This high level of attacks is likely due to attackers continuing their efforts into the rest of the holiday shopping season, while legitimate traffic slowed after the Cyber Week spike.

Cyber Week in Review

Both malicious login attempts and carding attacks increased during Cyber Week this year. However, the data show that such attacks aren’t limited to the holiday season. As online sales start earlier and earlier — and as businesses continually host sales to attract customers all year round — sophisticated cybercriminals will continue to target e-commerce sites with attacks. And e-commerce brands need to remain on alert.

The Satori team sits at the forefront of threat intelligence. Our unique insights directly inform our product capabilities. Some of the largest brands on the web trust HUMAN Bot Defender to safeguard their e-commerce websites, mobile applications, and APIs from the most sophisticated bot attacks on Black Friday, Cyber Monday, and beyond. We protect customers with Modern Defense, enabling us to disrupt the economics of cybercrime by increasing the costs to cybercriminals and reducing the cost of collective defense.