The four biggest holiday cybersecurity threats are…

Online holiday fraud is on the rise, especially in four key areas.

According to the “2022 Holiday Bad Bot Report” from cybersecurity company Kasada, online retailers should pay extra attention to posed by gift card fraud, fake account creation, “freebie bots,” and scraping attacks this holiday season. Following is a brief overview of Kasada’s findings about each specific holiday cyber threat:

Gift cards

Since gift cards have fewer protections than other payment methods, Kasada says fraudsters favor them, as they can anonymously obtain quick cash through irreversible transactions or by reselling stolen cards. Kasada’s threat intelligence saw a 6x spike in automated gift card lookups during the 2022 holiday shopping season, which it identifies as a key indicator that fraudsters are using bots to identify and steal gift card balances.

Fake accounts

Kasada found a 3x increase in fake account creation the week before Black Friday and a 40% increase from Black Friday to Cyber Monday. Fraudsters generally create fake accounts in the run-up to Black Friday so they have well-established aged accounts that blend in with legitimate customer accounts, according to Kasada.

‘Freebie bots’

“Freebie bots” is Kasada’s term for bots that scan hundreds of retailer sites for mispriced items and purchase them in mass quantities. Research from Kasada indicates freebie bot usage is surging this holiday season.

For example, within one online community, Kasada tracked freebie bots successfully purchasing over 40,000 mispriced products during the Thanksgiving shopping weekend, totaling over $1.1 million in retail value for $134. These items can then be resold for large profit.

Scraping attacks

Scraping attacks grew 43%, with more than 3 million scraping requests made each day in the days leading up to Black Friday, according to Kasada analysis. Scraping bots capture real-time data that is used by competitors to undercut pricing.

In addition, fraudsters use scraping as the basis for counterfeit websites that trick unsuspecting consumers into making a fraudulent purchase or providing their credentials. Previous Kasada research showed that nearly 40% of companies reported a 10% or greater loss of revenue due to web and API scraping.

Over the course of the holiday shopping season to date, Kasada found that 49% of all bot-driven attacks originated from the U.S. The U.K., Canada, Australia and South Korea rounded out the top five. Kasada observed a 50% increase in bad bot activity during Black Friday week (the five days from Thanksgiving to Cyber Monday).

[Read more: Study: Automated fraud poses substantial risk to online retailers]

“Retailers have to deal with bot attacks every day, but the increased activity we’ve seen during the holiday shopping season truly highlights just how extreme the problem is,” said Sam Crowther, CEO and founder of Kasada. “As they say, follow the money. If there is an opportunity for profit, bots will be there, looking for every way possible to exploit a retailer’s business.”

To download the full Kasada 2022 Holiday Bad Bot Report, click here.