• by Laurie Sullivan  @lauriesullivan, December 28, 2020

Cybersecurity CHEQ company uncovered a sophisticated ad-fraud bot scheme that attacks ecommerce sites as more consumers shop online.

CHEQ analysts studied the pay-per-click (PPC) ad-fraud effects of 30 ecommerce companies spending at least $500,000 monthly to bring in new online shoppers during 2020.

The increase in ecommerce will require support for fraudulent activities. And beyond the immediate waste of budget, CHEQ founder and CEO Guy Tytunovich addresses the challenge of the hidden activities of bots, from filling up carts to scraping content. All this will have a long-term negative impact on the industry.

Despite the pandemic, Tytunovich believes ecommerce companies will continue to spend their advertising budgets on paid-search and paid-social campaigns, but the challenge of sophisticated bots entering funnels must be addressed.

Brands are estimated to spend $58.5 billion on ecommerce advertising in 2020, responding to the increase in online shopping, according to the Global Advertising Trends report from WARC Data.

The report tracked the journey of bots clicking on paid search and social media ads designed to attract customers to sites. This time bots clicked on ads in a bid to deplete marketing budgets, skew vital metrics, clog up online baskets, scrape content and other intellectual property for monetary gain, and create damaging fake reviews. 

In fact, CHEQ tracked millions of bots on sites after clicking on the ad campaigns of ecommerce companies in the United States, United Kingdom, Japan, and Australia. They infiltrated a well-known global skin care brand, automotive companies, and grocery sites, as well as a top DIY online marketplace, a personal finance company, fashion site, a leading travel site, and a major global provider of glasses and contact lenses.  

The study found that 92% of bots will click on a company’s branded search terms or paid ads, and then remain static for an average of 12 seconds on the landing page without clicking, scrolling or interacting with other pages.

This  relatively normal bot bounce rate of 12 seconds -- along with the percentage of visitors who enter the site and then leave -- is designed by fraudsters to act like a human to ensure bots do not arouse suspicion. It shows the level of sophistication of bots that appear human and the ease with which bot visits can skew vital ecommerce metrics.

The bounce rate, the percentage of instances where bots enter the site and then leave, was 22% for bots arriving via desktop ad 58% for bots clicking via mobile devices.

The bounce rate -- higher than average for ecommerce sites -- shows the sophistication of bots made to mimic human movement to avoid detection, according to the CHEQ report.

Analysis of the data also found that one in 50 bots that click on ads will find their way to a site's online checkout page, with multiple carts loaded with items.

This leads to infrastructure and software slowdowns and some instances of chargeback fraud, where bots complete the transaction and then seek a refund.

At least one in five bots used VPNs or other location obfuscation methods clicking on company’s ads from locations that e-commerce players did not ship to or target, including Vietnam and Pakistan.

An online retailer wasted $3,500 from retargeting bots that had visited its site, and a site invaded by scraper bots copying online recipes. It was then monetized by the fraudsters. The online travel site suffered 2,500 invalid clicks providing fake and damaging online reviews.