In a world where e-commerce is growing exponentially, marketers are being thrust into a whole new set of web-centred problems, primarily through bots & fake users. So much so that 27% of all organic and direct web traffic comes from them. This type of traffic termed invalid traffic (IVT), aims to pollute companies marketing funnels and affect their KPI.
These bots and fake users encourage marketers to make decisions based on false and contaminated data by appearing as legitimate leads and engaged potential customers. Marketing budgets aren't going to be optimised as a result, and these polluted audiences become no longer valid.
Who is making these bots and why?
Ad fraudsters, ad budget hunting companies and dark web developers are the main culprits attacking websites. These bot makers can create millions of headless browsers that have become so sophisticated that they can replicate human mouse-clicking, site scrolling, ad clicks, write reviews, and even carry out transactions.
By trawling websites and acting as potential customers, these bots can steal credentials, which can then be purchased on the dark web while draining companies marketing budgets. It is a lucrative market as many money-grabbing companies out there have no remorse in putting legitimate businesses futures in jeopardy if it guarantees them revenue.
Types of Bots on E-Commerce Sites
Shopping Cart Bots
These shopaholic bots hunt conversion metrics by adding items to multiple baskets and causing website lagging for human customers. The goal is to slow the webpage so humans have a negative on-site experience and abandon their purchases.
Return Bots come back to the site multiple times in a bid to damage metrics designed to monitor human customers behaviour. Bots have become so sophisticated they can move on and off-site in a pattern that mirrors human clicking. They affect bounce rates through their incessant clicking and lack of engagement.
Like a trawlboat, these bots scrape a large amount of data from web pages and applications. In doing so, they can steal exclusive content and sell it on, affecting the companies reputation and customers data protection.
VPN Hider Bots
These bots use a VPN to obscure their location, posing as customers in potential new markets or the demographic a company is looking to engage. These bots can lead businesses to think they have a new, engaged following in a specific location and then spend money targeting ads that reap no returns.
The purpose of retargeting ads is to draw back potential customers who have visited the site before. Like returning bots, they come back to site and give the impression they are interested. Businesses then waste retargeting money targeting these bots who will never purchase.
Similar to shopping cart bots, these guys take it to the next level and actually make a transaction and then seek a refund, engaging in chargeback fraud. Through their false purchases, these bots skew the customer lifetime value (CLV) - the metric to gauge how much your customers are worth. They also impact the average order value (AOV), which helps to see how much customers are spending.
These little scribes can damage businesses' reputations by falsely inflating companies or wrongly slandering them. They do so by writing fake reviews and creating false app ratings.
Click & Chill Bots
Here for a long time, not a good time these bots click on a website landing page and hang about. They look to hurt core metrics, waste budgets and damage conversion rates by lingering aimlessly.
What can I do to stop them?
There are some basic defences against IVTs, such as 'hidden fields', which draw bots in whilst remaining invisible to human customers. However, this concept has been proven largely ineffective as they only work for bots with low IQ, which is no longer industry standard. Another largely ineffective method to block IVTs is penetration tests. Now, these are defences anyone who has ever shopped online will be aware of. How often has a web page asked you to 'click all the lamposts' or 'highlight every zebra crossing'. Unsurprisingly, many sophisticated bots know a lamppost when they see one and can evade this test.
These tactics may provide more fruitful results:
Our web development team recommends the newest version of Google reCAPTCHA to block spam and abuse from your site.
Block known hosting providers & proxy services
Many hackers aren't that polished and use accessible hosting and proxy services. If you disallow access to these sources, it is a significant deterrent.
Protect every entry point
Where possible, share blocking information between systems. It is pointless to protect your website if you're leaving APIs and mobile apps exposed.
Be wary of spikes
Whilst we don't want to put a dampener on those masses of unexpected customers heading to your site, it could be that they are, in fact, bots.
Pay attention to public data breaches
When something comes out in the news relating to data protection breaches, pay attention! It is likely these newly stolen credentials will still be active and bots will be trying to run them against your site. It is good to use platforms that don't store customer data or platforms that deal with it themselves.
Accept spam is a fundamental and unavoidable aspect of e-comm
It may be a sad truth, but as it stands, there is no way to be 100% spam free, even with the most up-to-date and advanced defences in place. With e-commerce comes a certain amount of spam that does skew metrics and businesses need to take their stats with a pinch of salt. This isn't necessarily a bad thing, however. Bots lead marketers to make more cautious, considered business decisions and encourage companies to refine their processes more frequently.
Want to see how we can grow and scale your brand? Get in touch today!