Six Cyber Threats Facing Retailers This Black Friday, Cyber Monday


From Black Friday to Cyber Monday, the retail ‘holiday weekend’ following Thanksgiving makes up the largest shopping event of the year and is when many retailers enjoy their strongest sales of the year. And for many retailers and consumers alike, it’s an increasingly online affair.

Deep discounts still get customers out to brick-and-mortar stores, but many shoppers won’t leave the comfort of their homes to do their holiday shopping. Last year,  American consumers spent approximately $20 billion online during the three days from Black Friday to Cyber Monday, and experts expect spending to surpass that in 2022.

But where the money goes, cybercriminals typically follow, and cybercriminals and bad actors have found plenty of ways to take advantage of retailers’ investments in Black Friday through various forms of bots, web scrapers, and fraudulent traffic.

Last year, we investigated bot activity on Black Friday and found that bots and fake users made up 35.7% of all online shoppers on Black Friday. Among the forms of fake traffic we uncovered were malicious scrapers and crawlers, sophisticated botnets, fake accounts, click farms, proxy users, and illegitimate users committing eCommerce-related fraud.

This Black Friday, online retailers need to be prepared to face a litany of bots, bad actors, and cybersecurity threats. Let’s examine some of the most common threats facing retailers this holiday season.


Account Takeover (ATO) Attacks

Account Takeover (ATO) Attacks occur when bots or attackers log into legitimate accounts in order to access and control them, either by attempting to login using a list of stolen user information purchased on the dark web (credential stuffing) or through brute force attacks (cracking).

Once in control, bad actors may leverage the stolen accounts to make fraudulent transactions or steal discount codes, cashback balances, or even personally identifiable information (PII) and financial data.

To mitigate these threats, retail security teams must prepare by identifying typical ATO tactics, tools, and campaigns in order to minimize exposure and increase reaction time.

Distributed Denial of Service (DDoS) Attacks

DDoS attacks aim to disable a target website or application by flooding it with a massive volume of fake traffic, frequently carried out by massive botnets, in order to use up the target’s upstream bandwidth or overwhelm supporting network infrastructure and taking it offline. For retailers, a DDoS attack can slow traffic to a crawl, or even render a website or app unusable for potential customers, and of course, a customer who can’t access your store can’t make a purchase.

11.3% of inbound traffic is fake or fraudulent. Download our Free State of Fake Traffic 2023 report to learn more.

Cart Abandonment

Cart Abandonment attacks occur when bots add large quantities of products to shopping carts, this removing them from site inventory, and then abandon those carts without completing the transactions, effectively removing the availability of high-demand products. These attacks can be leveraged by competitive interests or hacktivists in order to drive traffic away from a certain business.

Ad Injection & User Journey Hijacking

During the holiday season, every type of company with a retail presence on the web boost their budgets considerably for advertising campaigns to attract as many new and returning customers as possible. Unfortunately, bad actors are working just as hard to steal your hard-earned customers.

User journey hijacking or ad injection is the illicit use of injected third-party software which redirects the customer during the shopping and checkout process, either through fake ads or other means, thus disrupting the e-commerce flow and attracting them to visit another site.

User journey hijacking causes higher cart abandonment, lower conversion rates, and higher cost of conversion.

A site visitor is not aware that it is happening since the injected ads look like a native component of a website, so a potential customer is most likely to click on these ads.  The alarming fact is that these visitors are usually the highest-converting customers.

Content and Price Scraping

Web Scraping is the process of extracting content and pricing data from a website without permission from the site owner in order to stand up fraudulent e-commerce sites to steal customers and sales. Scraping is performed by automated bots programmed to recognize and extract specific data. Some bots may also create fake accounts to gain deeper access to a site. After scraping a site, hackers may use the stolen information on their own site or create an exact copy of the victims’ store in order to fool visitors into handing over payment card info.

Fake Account Registration

The process of creating a new account for a service, software, or store is designed to be a relatively frictionless process. Attackers take advantage of the ease of the process, using fake or stolen identities to create hundreds or thousands of new user accounts for future use.

This practice can be overlooked, as the creation of new accounts is a positive metric. Attackers can use these accounts to abuse your marketing promotions, validate stolen credit card information, make fraudulent transactions, or sell them to another cybercriminal.

Protect Your Revenue with Go-to-Market Security

For businesses serious about protecting their pipeline, a comprehensive go-to-market security platform will help automatically detect and block invalid traffic in real-time.

CHEQ leverages thousands of security challenges to evaluate site traffic in real-time, determine whether a visitor is legitimate, suspicious, or invalid, and take appropriate action in blocking or redirecting that user. For paid traffic, CHEQ automatically updates IP exclusion lists to reflect the constantly changing threat landscape, saving you valuable time and ad spend.

Book a demo today to see how CHEQ can protect your go-to-market efforts.

Latest Posts

Block invalid traffic with CHEQ Essentials