UK Shoppers Frustrated as Bots Snap Up Popular Christmas Gifts – Source: www.infosecurity-magazine.com

Almost three quarters of UK consumers (71%) believe malicious bots are ruining Christmas by snapping up all the most wanted presents, according to research by Imperva.

The company warned that ‘scalping’, the practice whereby cybercriminals use bots to buy items from online retailers and sell them for a profit on resale sites, is only set to get worse this Christmas.

In the UK, 204 of consumers have reported that when attempting to buy a gift they have found it to be completely sold out with 19% being forced to buy a more expensive alternative.

Meanwhile, 10% found themselves buying the gift from a secondary marketplace at an inflated price.

Analysis shows that once an item is listed on a resale site, the cost can increase by as much as 105% during the holiday period.

Tim Ayling, VP EMEA at Imperva, commented, “With so much shopping done online now, the scale of this problem has ballooned, with automated bots able to scalp the most in-demand presents for a healthy profit. AI is making the situation even worse, making bots faster, more targeted and more effective, leaving an increasing number of disappointed children or parents out of pocket.”

As well as driving up the cost of Christmas for consumers, AI-powered Grinch bots also have a negative impact on retailers’ reputations and profits, with customers looking elsewhere if their desired gift is sold out.

“Retailers have a duty of care to protect customers from scalping and inflated prices, particularly around Christmas,” said Ayling. “By identifying high-risk areas and analyzing buying behavior, retailers can limit the amount of bot traffic on their site. This will be vital moving forwards as AI bots will only get better at scalping as they mature, and companies that don’t have measures in place now will lose customers to rivals.”

Tips For Retailers to Thwart the Bots

In response, Imperva has five tips for retailers looking to protect their customers this holiday season:

• Identify risks and evaluate traffic: Find site vulnerabilities like login endpoints, account creation pages, payment forms, and product pages—common bot targets for scalping. Track failed login attempts and traffic spikes, which may indicate bot activity. Use traffic analysis tools to distinguish bots from legitimate users and respond quickly to suspicious behavior
• Block outdated user agents: Many bots use outdated browser versions, lacking the latest security updates. In contrast, human users are typically forced to auto-update their browsers to newer versions. Block user-agent strings from browsers outdated by over three years and use CAPTCHA for those outdated by two years
• Limit proxies: Bots often use proxy services to mask their origins with bulk IPs, making detection harder. Restrict access from bulk IP providers like Host Europe GmbH, Digital Ocean, and OVH SAS to reduce bot traffic
• Implement rate limiting: Rate limiting controls traffic flow by capping user requests within a set timeframe, protecting resources and ensuring site responsiveness. This helps prevent bot attacks like brute-force logins or carding attempts
• Look out for signs of automation and headless browsers: Modern bots often use headless browsers like Puppeteer and Selenium to mimic human behavior. Detect them by monitoring for rapid clicks, fast navigation, or abnormal patterns. Focus on these signs to block bots and ensure a smooth experience for genuine users

The results are from a survey of 2000 UK adults conducted by Opinium and commissioned by Imperva from November 26 to November 29, 2024.