What are Denial of Inventory and Scalping Attacks?
In denial of inventory attacks, bad actors use malicious hoarder bots to an item thousands of times to a shopping cart over the course of a few days until the item’s inventory is depleted. By hoarding a high-demand product, bots keep it out of stock, annoying customers, taxing your infrastructure and reducing conversions and revenue.
In scalping attacks, cybercriminals unleash automated scalping bots to buy sought-after products, such as limited editions of sneakers, concert tickets, designer clothing or hot toys. They set up fake accounts that browse product pages and execute checkouts to increase their chances of success. Then, after they’ve snapped up your best inventory, it is sold at inflated prices on third-party sites or the black market.
Denial of Inventory and Scalping Show No Signs of Slowing Down
The appetite for limited-edition collectibles is increasing. Today there is a $42 billion global market for selling and reselling sneakers. Unfortunately, for hot product sales, up to 90% of actual checkouts can be non-human. Attackers keep up with the latest technology, using sophisticated bots that impersonate real users and legitimate system behaviors to evade detection. Denial of inventory and scalping attacks are very common in the e-commerce and travel and hospitality industries.
How are Companies Fighting Scalpers and Hoarder Bots?
Despite the growing sophistication of bots, many retailers still rely on traditional signature-based recognition methods that utilize a static database of known bad bots. This is ineffective because modern bots are quick to morph. Site owners have trouble keeping up with the development of bots due to outdated protection tools so their site remains exposed to these attacks. Sophisticated bots are able to evade detection from web application firewalls (WAFs) and basic bot detection tools by mimicking human behavior.