New research finds e-commerce and luxury industries at highest risk for online fraud
Consumer-centric and digital native industries are prime targets for cybercriminals and have inadequate defenses against bad bots. This puts data security and the customer experience at risk, with severe consequences such as financial loss and reputational damage. The analysis found that the luxury and e-commerce sectors are at the highest risk for online fraud. DataDome Advanced Threat Research found that only 5% of luxury brand websites and 10% of e-commerce websites are fully protected against bad bots, posing a significant risk as the holiday shopping season approaches.
Additionally, only 6% of media websites have robust protection against bots, leaving 94% vulnerable to ad fraud, content scraping, and DDoS attacks. These findings reveal a strong correlation between the proliferation of bad internet traffic and the vulnerability of high-traffic websites. Bad bot creation, a relatively quick and cost-effective attack vector, has become a technique of choice for attackers looking to automate online fraud.
“Consumer-centric industries are highly vulnerable to malicious bot activity and face increased risks of financial loss, data breaches, and reputational damage. As our research reveals, the low barriers for creating and deploying bad bots have made them a favored tool for fraudsters seeking to exploit high-traffic websites. Needless to say, the need for robust, multi-layered bot protection has never been more urgent,” said Antoine Vastel, Vice President of Research, DataDome.
AI-Powered Advanced Bots Evading Detection
The latest research shows that both basic and advanced bot-driven attacks have increased over the last 12 months. The tools and techniques available to cybercriminals to perform these attacks have become more advanced, significantly outpacing traditional defenses.
Advanced bots, designed to bypass traditional CAPTCHAs by leveraging AI-powered “bot farms” to solve them in real time, were detected by bot protection less than 5% of the time.
These sophisticated bots can impersonate users with a high accuracy rate and have been shown to spread disinformation online. In July 2024, the U.S. Department of Justice dismantled a large-scale Russian propaganda campaign that used a “bot farm” to bypass one of X’s user verification methods and spread disinformation in the U.S. with fake social media accounts. The use of advanced bots by political actors poses a significant threat as the U.S. presidential election battle heats up.
Vastel continued, “We’re seeing a surge in genAI-augmented media, which can be used for nefarious political influence. Social media platforms and media websites are being targeted by bad actors looking to spread political disinformation. Given that this is an election year, we strongly advise media websites to reassess the risks associated with malicious web traffic.”
Advancements in automated browsers, anti-detection frameworks, proxy usage, and AI assistance have made it increasingly difficult for companies to defend against bot threats. Among tested domains using some form of bot protection, bots were still able to completely penetrate 45% of them. Fake Chrome bots remain the most difficult type of simple bot to detect, leaving businesses open to layer 7 DDoS attacks, account fraud, and more.
Europe and North America Least Prepared to Fight the Rising Tide of Bot Attacks
Regionally, Europe is the least protected against simple bot attacks, with 68% of websites unprotected and only 8% fully protected. North America follows closely behind, with 64% of websites unprotected and only 9% fully protected.