E-gift Card Bot Attacks – A Deep Dive
E-gift card bot attacks – deep dive. Learn about tools and techniques that are used for these attacks, real attack examples, and how to protect from these attacks.
Though e-gift card bot attacks tend to stay fairly steady in the e-commerce vertical, since the COVID-19 lockdown, PerimeterX researchers saw a skyrocketing increase of 820% in such attacks , mainly in online food delivery services. In the graph below the blue line represents the legitimate traffic on e-gift card pages of multiple large online businesses, and the red line is the malicious automated traffic.
While some attacks are short and concentrated, other attacks are “low and slow,” with spikes from time to time. The sophistication of the attacks also varies, when some of the attacks tend to be more primitive or opportunistic, while other attacks are highly sophisticated, mimicking human behavior and being “custom made” for the targeted application and its specific bot protection.
In one example, a sophisticated e-gift card attack on a top five US retailer lasted around two months—a very long time for a massive bot attack. During this time, tens of thousands of requests to e-gift card pages were malicious.
Another interesting case is a top ten travel brand. This company’s e-gift card page was attacked recently, when the malicious traffic spiked, and reached up to 99% of the total traffic to the e-gift card page.