Ad Fraud Bot Behavior On E-commerce Sites


AD FRAUD BOT BEHAVIOR ON E-COMMERCE SITES

E-commerce sites are spending more than ever to capture new shoppers. Taking advantage of lightspeed online shopping transformations brought about by COVID-19, global brands spent 58.5 billion in e-commerce advertising by the end of 2020. The advertising boom is fueling e-commerce sales which rose by 30.4 to 2.9 trillion worldwide by the end of 2020. Digital marketers pour money into search traffic (for instance Google Ad and Bing) and paid social channels (such as Facebook, Instagram, and Pinterest). This is used to ratchet up crucial e-commerce dials including customer lifetime value or average order value and bring down negative indicators of poor shopping experiences, such as bounce rates (the amount of visitors that "bounce off" a site before buying), and abandonment of shopping carts.

However, though digital marketing spend brings leads by targeting and attracting new shoppers, these dollars also bring invalid clicks, namely bots, onto e-commerce sites. Bots, often maintained by sophisticated ad fraudsters, are software applications running automated tasks, clicking on paid search ads and keywords or social media promotions paid by e-retailers. The motivation: a quick means to make money by fraudsters, depletion of ad budgets hurting companies, and the skewing of these vital e-commerce metrics tracked throughout e-commerce businesses.

In this study we provide the first ever analysis of these bots after clicking on e-commerce ads. This report analyzes the movements and impact of bots, based on analysis of 30 leading e-commerce sites spending on paid search and paid social ads. It reveals for the first time the short and long-term implications of ad click bot movements in faking funnel numbers and hurting growth prospects.

METHODOLOGY

This analysis tracked every click (of a real user or bot) for campaigns on paid search and paid social campaigns over a week, where users visit a site or landing page from creative ads.

Upon clicking, the CHEQ tag activated, triggering real-time user analysis of every click based on 1000 cybersecurity parameters including honeypots (bot traps), OS/Device fingerprinting and dynamic code patching. Bots are caught by a number of identifiers including clear data center traffic (48% of bots), VPN or location obfuscation (21%), activity-based filtration (9%), user agent analysis (7%), and domain analysis (4%).

Each of the companies mentioned in this study has had full detailed analysis of the ad fraud bot breaches revealed to them, with specific new measures to replace this bot traffic with real human customers.

CHEQ analyzed 30 retailers spending at least 500,000 per month on search and paid social ad campaigns in 2020 to determine the behaviour of bots and where they land after clicking. The analysis involved real analysis of bots clicking on creative ad campaigns designed to bring new relevant shoppers into the funnel. The sample of leading e-commerce players included a top global skin care brand, grocery sites, a DIY online marketplace, a fashion and sports retailer, a travel site, an online university, a personal finance provider, and a top provider of glasses and contact lenses.

10% OF E-COMMERCE AD CLICKS FROM BOTS

We found that one-in-ten ad-clicks across all e-commerce campaigns is bot driven. This is in line with a recent study by CHEQ and economists at the University of Baltimore which shows that overall click fraud reached 3.8 billion for online retailers alone by the end of 2020¹. This cost represents the direct wasting of ad budget by non-human clickers that will never convert. The rest of this study looks at how these bots interact on e-commerce sites and the wider business damage they cause.

92% OF BOTS CLICK, SHOOT, AND LEAVE

The first tactic of bots to arrive at the landing page is clicking on ads paid for by e-commerce players to attract customers. This achieves a primary goal of wasting vital e-commerce ad budgets relied upon to bring in new customers. Bots clicking on paid search ads were found to click on branded search terms (the name of a company, business, or brand) 70% of the time. This brings at least 1 lost to bots per click for most of the companies studied. In the case of one fashion e-commerce site, for instance, "men's jacket" saw a 56% invalid click rate, "shoe coupon" a 52% invalid click rate, and "Asics New" a 48% invalid click rate. Getting to the site has not only helped drain ad budgets, but also begun skewing metrics. Once on site, 92% of bots remain static for an average of 12 seconds, failing to click or move to a different section of the website. They then click off the site, leaving 12 seconds later. Most of the same bots return to the site to further mess up metrics designed to monitor real customer behavior – in one case 2117 bots returned 34031 times in a week.

¹ CHEQ and the University of Baltimore: The Economic Cost of Invalid Clicks 2020

BOTS: MOBILE VS DESKTOP

[Figure: bot visits by device, desktop / mobile. Landing page visit only: 89% / 92%; total time of bot visit: 12 seconds / 7 seconds; completely static: 90% / 79%; average bounce rate: 22% / 58%; cart or checkout: 2% / 0.5%.]

Bots behave differently whether they arrive via mobile or desktop. Bots' time on site was longer for desktop visitors at 12 seconds, compared to bots arriving via mobile (7 seconds). The bounce rate was 22% for bots arriving via desktop and 58% for mobile visits. This compares to an average bounce rate of between 20% and 45% for most e-commerce sites. Overall bounce rate, the percentage of visitors who enter the site and then leave, tended to be relatively high for bots, at a rate of 58%. Most marketers accept that a range of 55-65% for bounce rates shows significant room for improvement, but the high numbers of bots discovered show how clearly bots affect such metrics.

ONE IN 50 BOTS REACH CHECKOUT

In our analysis, one in every 50 bots arriving via paid search and paid social campaigns click their way to a site's online checkout page. In our study alone this equated to more than 3.5 million bot clicks. This had the effect of clogging up online baskets, causing logistical and refund challenges, and skewing vital metrics. This included filling out forms and making purchases. Bots analyzed affect conversion rates including online sales, leads, email signups, and form completions. In the case of a personal finance company this included "loan reverses". This saw the loan company approve loans based on a specified criterion, only then to cancel them as details turned out to be fake or fraudulent. This put a massive exposure on the loan business, which was forced to rip up loans of those likely to default on their payments. In another case, bots clicked on confirmation pages, engaging in chargeback fraud, where bots make a transaction and then seek a refund. Bots were very easily able to get past most defenses in these cases. If email verification is required, the fraudster controls the email addresses they input. This can be done in various ways: buying bulk addresses, redirecting every email to an email address the fraudster controls, and automating the clicking of verification links. They can often buy and use domains with made up names to generate emails, for instance.

SOPHISTICATED ATTACKS AGAINST E-COMMERCE PLAYERS

During this analysis, sophisticated bot rings were discovered targeting online commerce sites. One ad ring used a network of infected machines, IPs, and data centers to drain the ad spend of a big spending online company, resulting in millions of dollars of wasted spend. The techniques used by the fraudsters involved using a bot network and obscuring techniques to "click" on more than 20 of the most popular keywords in the sector, often costing up to 30 per click.

RISING BOT SOPHISTICATION

The attacks on e-commerce players demonstrate the sophistication of hackers attacking marketing spend, which is used as a trojan horse to enter e-commerce funnels. For the majority of fraudsters, the automation tools used to commit fraud are evolving without them having to do very much work – fraudsters just have to hide and rewrite certain elements in order to evade more and more tests. Bot-makers create millions of headless browsers that can simulate all human-like actions such as mouse movement, page scrolling, and clicks, to load webpages and cause ad impressions which appear human. Malicious SDKs for advanced and AI-powered click injection are sold on the Dark Web to the public for a fairly low price to perpetrate ad fraud, offering the opportunity in the words of the suppliers to "emulate ad clicks and hijack clicks including Google, Facebook and organic clicks." Meanwhile, data center-dwelling bots have been replaced by fraudsters using harder-to-detect residential Windows systems running a Remote Desktop Protocol (RDP)¹ connection exposed to the Internet.

This typically involves brute forcing million RDP servers all over the world². The activity is from a real Windows system with an updated, valid Google Chrome browser. Unlike normal fraud schemes, which use bot/automation tools (Selenium, Puppeteer), in this case the attack uses a legitimate environment (for instance an updated Chrome, Windows, and residential IP).

Leading criminal lawyer Arkady Bukh, a New York-based attorney with a history of representing suspected hackers and ad fraud perpetrators from Eastern Europe, including those involved in the "Methbot" case,³ says the growth in sophistication by bad actors is marked. "There is widespread fraud from huge amounts of traffic getting directed through botnets. Before, it was boys and girls in Russia sitting in boiler rooms clicking manual clicks in order to get apparent traffic to defraud affiliates. Now it’s done by bots.”

² RDP is a remote desktop protocol, providing a user with a graphical interface to connect to a different computer over a network connection, although without controls it can be a significant security risk. See for example GoldBrute, the botnet searching for RDP connections goldbrute-botnet-rdp/

³ The Methbot case is estimated to have cost marketers at least 3 million dollars each day the botnet operated

BOT DEFENSES

Despite the vast leaps in sophistication and overtly criminal behavior observed, we discovered that certain outdated defenses against bot activity remain. For instance, the concept of "hidden fields" was still used. This defence maintains that while real shoppers do not see hidden fields, spam bots are drawn to them, fill them out, and reveal themselves. However, these have been shown to have limited effects, and only for low IQ bots, which are no longer the standard. If a bot has a more specific purpose and money has been spent in development to target such enterprise customers, such bots will know what to click, and what to avoid.

Similarly, penetration tests carried out show that Captchas, forcing user tests to determine whether or not the clicker is human, are very easy to bypass. Vendors, including 2Captcha (0.77 per 1,000 Captchas), have more than 2,000 workers online solving them, which fraudsters combine with automated software. The combination of software and APIs, for instance, allows for fast account creations to appear as human, with new accounts on Reddit easily created using dev ops software such as Puppeteer alongside such

MADE-TO-ORDER BOTS TARGETING CAMPAIGNS

We see in our analysis the appearance of bots made to order, deliberately designed to appear human-like, targeting pricy ad campaigns. To take only one example, the bot bounce rates would not attract too much attention. Though the bots contributed higher bounce rates than industry averages, bot movements on and off sites remain within a human range. Indeed, bot movements are deliberately created to mimic human clicking. Criminals have access to an untold number of malware-infected devices across the globe to this end. These are used to track, study, and incorporate real-world human activity, such as non-linear mouse movements.⁴ To this is added stolen credentials, which are numerous and cheap – tens of billions of credentials from successful attacks are available on the dark web, with as many as 7.9 billion records exposed in the first nine months of 2019 alone.⁴ In the words of independent ad fraud expert Dr Augustine Fou: "Bots love to click on ads. In fact, they would click on every ad if they could, but 100% click through rates would be too obvious, even to marketers that only occasionally pay attention. So, bots dial their clicking back so that an average of 5-15% click through rates are seen in reports. Compared to click through rates from humans (in the 0.1% - 1% range) these look spectacular.”

⁴ Risk Based Security, Q3 2019 Data Breach Report, November 2019.

8 BOTS CAUGHT ON E-COMMERCE SITES

Based on the undercover movement of bots clicking and scrolling beneath the surface of e-commerce sites, we identified 8 bot types living rent free on e-commerce sites.

1. CART BOTS

2% of bots arrived at the online cart, hurting conversion metrics. We found multiple carts simultaneously being loaded up with items, which can cause infrastructure and software slowdowns.

2. RETURNERS

Thousands of different bots returned several hundred times. Not content with simply hurting spend, these bots became the subject of retargeting campaigns designed to reach real shoppers. On one site, for instance, 2117 bots returned 34031 times.

3. SCRAPERS

Scraping is the automated collecting by bots of large volumes of data from web pages and applications. There was an average of 5000 clicks on one site generated by scrapers. One business driving users to its recipe sites discovered that bots were stealing and monetizing this quality content through online advertising, hurting their rankings and

4. LONG DISTANCE LOVERS

One in five bots used VPNs or other location obfuscation methods to pretend to be US, UK or Japanese shoppers. In fact the attack was located in countries that the e-commerce player did not ship to, including Pakistan and Vietnam. In one case a top global skin care brand analyzed spent hundreds of thousands of dollars on PPC spend and suffered from malicious VPN and data center traffic. One of the world’s largest DIY marketplaces, spending 2.5 million a month, saw more than 14,000 invalid clicks, with users deploying a VPN to mask their location, primarily from China and Malaysia (masking their location as UK buyers).

5. HEARTBREAKERS

Retargeting aims to get website visitors who didn't convert back to your site by showing them relevant ads. One in five marketers have a dedicated budget for retargeting. But it can be heartbreaking when money and attention are used to reach returning bots. In one case an online e-commerce player wasted 3500 retargeting bots that visited the site.

6. CHARGEBACKERS

CHEQ found that bots clicked on confirmation pages, engaging in chargeback fraud. This is where bots make a transaction and then seek a refund. One large company spent 7 million a month on paid search and paid social media channels. Our analysis found thousands of invalid clicks on their confirmation pages, indicating chargeback fraud.

7. CRITIC BOTS

Bots also generated fictitious reviews, damaging reputations for service-driven e-commerce players. It has been shown how easy it is for bots to write fake reviews (positively, to inflate companies, or negatively, against businesses). Bot-driven fake review services are common on the dark web, including generating fake app ratings. In the analysis of our travel site, we found 2500 invalid clicks from bots generating fictitious reviews.

8. SIT-IN BOTS

Sit-in bots for the most part just click on to the landing page and chill. They are content to waste the business budget of the retailers. They also serve to hurt core metrics relied upon by e-commerce businesses.

HOW BOTS SKEW VITAL E-COMMERCE METRICS

By identifying this bot behavior, it soon becomes clear how easily e-commerce business metrics are fooled due to sophisticated bad actors and armies of bots on sites. E-commerce players and marketers rely on e-commerce metrics when determining where money is spent on campaigns, and providing future assurance to investors and shareholders on the success of marketing efforts.

1. BOUNCE RATES

E-commerce bounce rates suffer when bots click on and off landing pages without engagement. Our analysis shows that the average bot actually stays on site for between 7 seconds (mobile) and 12 seconds (desktop). This is a high bounce rate but is designed deliberately by fraudsters not to arouse suspicion.

2. CART ABANDONMENT RATE

The abandonment of shopping carts – that is a user skipping after adding items – is a 4 trillion problem for e-commerce, with bots playing a significant part in this headache. With 2% of bots heading straight to the cart or checkout, billions of dollars could be shaved off the large global shopping cart abandonment rate through measures to reduce bots in carts. In addition, while humans abandoning carts can return to buy, bots will not. Retargeting can often lead to simply throwing good money after bad bots.

3. CONVERSION RATES DROP

Conversion rate refers to the percentage of your visitors who take an action on your website. This action can be anything, such as signing up for an email newsletter or making a purchase. Removing bots can be a powerful means to improve conversion rates. Say that you get 20,000 visits to your website and that 2% of visitors convert and buy a 100 product, you will make 40,000. If you increase your landing page conversion rate by just 0.5% by preventing thousands of bots clicking, you will make an additional 10,000.

4. COST OF CUSTOMER ACQUISITION

Customer acquisition cost – also referred to as CAC – is how much money it takes to “buy” a customer. This helps us plan how many customers we want to acquire in a certain time period and allocate our marketing budget appropriately. When companies understand the levels of bots that can be removed, they may be able to reduce the costs of getting real customers. This, in effect, replaces hundreds of bots with real customers. Those not tackling bots are likely to see diminishing returns for marketing dollars.

5. CUSTOMER LIFETIME VALUE

Customer Lifetime Value (CLV) is crucial in determining your business’ present and future success. It is an often-overlooked metric that can accurately predict how much your customers are really worth. Bots skew the data, particularly when in 2% of cases they end up checking out on your e-commerce sites or taking part in chargeback frauds which then have to be deducted post-purchase from

6. AVERAGE ORDER VALUE

Average order value (AOV) is a useful measure of how much shoppers are spending. AOV is a simple calculation: the amount of revenue generated divided by the number of orders received. By replacing bots with real customers, the average order value is likely to increase sharply.
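The behaviours this report describes (data center sources, static landing-page-only visits of a few seconds, visitors returning many times) can be combined into a rough triage filter to see how far flagged sessions move bounce and conversion rates. This is an added example, not CHEQ's detection method; the `Session` fields, thresholds, scoring weights and sample log are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    visitor: str         # stable visitor or device id
    seconds: float       # time on site
    pages: int           # pages viewed, landing page included
    interactions: int    # clicks, scrolls or pointer moves seen on site
    datacenter_ip: bool  # source IP already resolved to a hosting range
    converted: bool      # order, sign-up or form completion


# Assumed thresholds for illustration; tune them against your own traffic.
STATIC_MAX_SECONDS = 15  # the report saw static visits of 7 to 12 seconds
RETURN_MIN_VISITS = 10   # sessions from one visitor inside the log window
FLAG_SCORE = 2           # one weak signal alone never flags a session


def score(session, visits):
    """Return the list of signals that fired and their combined score."""
    reasons, points = [], 0
    if session.datacenter_ip:
        reasons.append("datacenter")
        points += 2
    static = (session.pages == 1 and session.interactions == 0
              and session.seconds <= STATIC_MAX_SECONDS)
    if static:
        reasons.append("static")
        points += 1
    if visits[session.visitor] >= RETURN_MIN_VISITS:
        reasons.append("returner")
        points += 1
    return reasons, points


def split_traffic(sessions):
    """Separate sessions into (kept, flagged) using the combined score."""
    visits = Counter(s.visitor for s in sessions)
    kept, flagged = [], []
    for s in sessions:
        reasons, points = score(s, visits)
        (flagged if points >= FLAG_SCORE else kept).append((s, reasons))
    return [s for s, _ in kept], flagged


def funnel_metrics(sessions):
    """Bounce rate (single-page sessions) and conversion rate for a log."""
    n = len(sessions)
    if n == 0:
        return {"sessions": 0, "bounce_rate": 0.0, "conversion_rate": 0.0}
    bounces = sum(1 for s in sessions if s.pages == 1)
    conversions = sum(1 for s in sessions if s.converted)
    return {"sessions": n, "bounce_rate": bounces / n,
            "conversion_rate": conversions / n}


# Constructed sample log: four human visitors and three automated ones.
SAMPLE_LOG = [
    Session("h1", 180, 5, 40, False, True),
    Session("h2", 8, 1, 0, False, False),   # a genuine human bounce
    Session("h3", 95, 3, 12, False, False),
    Session("h4", 60, 2, 5, False, False),
    Session("b1", 12, 1, 0, True, False),   # data center, static
    Session("b3", 20, 3, 6, True, False),   # data center, reaches the cart
] + [Session("b2", 12, 1, 0, False, False)] * 12  # residential returner


def compare(sessions):
    """Metrics before and after removing flagged sessions."""
    kept, flagged = split_traffic(sessions)
    return {"raw": funnel_metrics(sessions),
            "filtered": funnel_metrics(kept),
            "flagged_visitors": sorted({s.visitor for s, _ in flagged})}


if __name__ == "__main__":
    for name, value in compare(SAMPLE_LOG).items():
        print(name, value)
```

The human bounce (`h2`) stays in the filtered set because a single weak signal is below the flag score; lowering that score removes more bots and more real shoppers alike.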

RESULTS FROM PREVENTING BOT CLICKS

Removing bots from the e-commerce equation can be highly impactful. Reinvesting 14000 spent on bot clicks and replacing them with real human customers is expected to bring the average e-commerce player 163 additional customers a month. This is based even on a conservative estimate that only 55% of bots will be prevented through cybersecurity-based blocking shown in this analysis. In addition, retargeting, which represents 4% of media spend across our companies, will become far sharper, targeting humans rather than new or returning bots. In the case of an online education portal, we found that replacing 1213 bots per week with real leads equated to 788 real human learners, 10 new enrollments and 150,000 more revenue per month. The methods of bot removal also alerted our e-commerce players to other types of fraud – whether bot or not. This included instances of partner and affiliate fraud and long-term challenges from affiliate partners.

CONCLUSION

Improving marketing processes is taking center stage at a time when marketers are required to justify every single dollar of spend. E-commerce has seen a rising amount of opportunity during COVID-19. Indeed according to consultancy McKinsey in May 2020, e-commerce vaulted five years forward in consumer and business digital adoption in a matter of around eight weeks. But growth nevertheless remains precarious, not least with fresh e-commerce challenges such as record online competition, and rapidly changing consumer behaviors.⁵ Added to this is a new wave of highly sophisticated bots surfing on waves of rising ad spend. Every invalid click delivered by such bots represents ad spend that is not generating genuine advertising engagement. Putting money into serving bots is even more counterproductive when real (human) customers desperately need to be ushered into funnels and buy things, in a period when marketers and CEOs are feeling the pressure to hit core metrics. Removing this unnecessary wastage and replacing bots with qualified prospects will give a significant advantage to players to achieve growth in a rapidly shifting e-commerce landscape.

⁵ Shopify, the future of eCommerce in 2021
