February 15, 2018
Fraudsters are increasingly using bot attacks to test stolen identities and payment cards. In the fourth quarter of 2017 alone, antifraud technology provider ThreatMetrix detected around 840 million bot attacks aimed at merchants on its network. That matches the number of bot attacks the company detected during the entire year of 2016. For certain merchants at certain times, the company said, bot attacks can account for 90 percent of a Website’s traffic.
In its Q4 2017 Cybercrime Report, ThreatMetrix identified charities as the vertical most at risk of bot attacks. The sector has experienced a high volume of $1 to $5 donations, many of which are fraudsters testing the validity of stolen credentials.
“Cybercriminals are using bots on a mass scale to test and spoof identity credentials, often as part of a global, cross-border attack,” ThreatMetrix said in its report. “Bot attacks continue to evolve from their basic velocity-based functions, to complex bots that are used in more advanced ways to spoof IP addresses, emulate browsers or spoof apps, to masquerading bots, that are attempting to mask their true context and pretend to be legitimate user traffic. In the past these bot spikes have tended to be short and sharp bursts of activity lasting a day or two; this quarter has seen more frequent and sustained peaks in bot activity.”