Study: Bots pose major online fraud threat
Cybercriminals are having success launching attacks on retail websites with AI-based bots.
Nearly all (95%) advanced bot attacks go undetected on websites and more than 65% of websites are unprotected against simple bot attacks, according to the "Global 2024 Global Bot Security Report" from cyberfraud protection platform DataDome
The study, based on DataDome Advanced Threat Research large-scale analysis of more than 14,000 websites, found that the luxury and e-commerce sectors are at the highest risk for online fraud. DataDome analysis indicates that only 5% of luxury brand websites and 10% of e-commerce websites are fully protected against bad bots as the holiday shopping season approaches.
In addition, advanced bots, designed to bypass traditional CAPTCHAs (cybersecurity measures using human response, such as identifying number, letters or pictures) by leveraging AI-powered "bot farms” to solve them in real-time, were found to only be detected by site protection less than 5% of the time.
Even among tested domains using some form of specialized bot protection, bots were still able to completely penetrate 45% of sites. Fake Chrome bots remain the most difficult type of simple bot to detect, according to DataDome.
Looking at geographic cyberfraud trends, DataDome found that regionally, Europe is the least protected against simple bot attacks, with 68% of websites unprotected and only 8% fully protected. North America follows closely behind, with 64% of websites unprotected and only 9% fully protected.
"Consumer-centric industries are highly vulnerable to malicious bot activity and face increased risks of financial loss, data breaches, and reputational damage," said Antoine Vastel, VP of research, DataDome. "As our research reveals, the low barriers for creating and deploying bad bots have made them a favored tool for fraudsters seeking to exploit high-traffic websites. Needless to say, the need for robust, multi-layered bot protection has never been more urgent."
Signifyd: Generative AI is an issue
According to the recent Signifiyd "State of Fraud and Abuse 2024" study, the increasing involvement of global crime rings and use of generative AI are resulting in an "industrialization" of online fraud. Attempts at placing fraudulent orders increased 19% in the first half of 2024 compared to the previous year, according to Signifyd data.
The Signifyd study also showed that AI-based bot-driven fraud attacks against retailers increased every month year-over-year between August 2022 and April 2024, peaking with a 137% spike in January 2024.
[READ MORE: E-commerce fraud grows in scale and sophistication]
