Bots have become a familiar and constant, if unwelcome, presence on the internet. While many are mostly harmless or even helpful, malicious ones are increasingly common. These bad bots now account for a substantial portion of cyberattacks.
Despite being so commonplace, bad bot attacks don’t always receive the same attention as other types of cybercrime. So what are they? Why do they matter? And what can you do to prevent being a victim of a bad bot attack?
What Is a Bad Bot Attack?
A bad bot is an automated program with a malicious purpose. Sometimes, that’s as mundane as buying in-demand inventories before real users get a chance to. These attacks are far more severe in other cases, however, scraping people’s information from websites to break into their accounts or leak sensitive data.
Bad bots often act like real people or harmless, regular programs, letting them slip by websites’ defenses. As a result, they’ve become shockingly common despite not making headlines the way some other attacks (like phishing, ransomware, and Trojans) do.
In fact, in one report, bad bots accounted for 25.6 percent of all web traffic in 2020, up 6.2 percent from 2019.
Why Bad Bots Are Such a Problem
On top of becoming so prevalent, bad bot attacks can also have severe consequences, including doxxing—that is, maliciously publishing private information on a public platform.
They can dox users with the information they glean from various sites, which, while not always illegal, can cause significant emotional harm and even physically endanger people.
Some bad bots may not dox users but utilize this information to gain a marketing edge over competitors. These types of bot attacks may not be illegal in areas without data security laws, but they still invade your privacy. Leaked information could lead to more damaging consequences, too.
Bad bots also play a big role in cyberattacks against retailers, which can cost more than $162 million. They do this with the information they scour from multiple sources across the web. After piecing all that data together, they can log in to real users’ accounts to steal their identities or credit card information.
How to Avoid Bad Bot Attacks
In many cases, the responsibility to prevent bad bot attacks lies with the websites they target. Sites can use CAPTCHA tests, behavior analytics, and other verification methods to distinguish between bots and real people.
Requiring users to log in with usernames instead of email addresses can also help.
You can take several steps to keep your information safe from bots, too. Here are three practices to help avoid bad bot attacks.
Use Multifactor Authentication
One of the best ways to protect against bad bots is Multi-Factor Authentication (MFA)—often known as Two-Factor Authentication (2FA). MFA is a typically optional setting that requires an additional step to log in, like a one-time passcode you get via text. This one simple thing is remarkably effective against bot account takeovers, blocking 99.9 percent of automated attacks.
A bot can easily get your email address and enough information to guess your password by scraping data from other sites. Adding this extra step ensures that the bot can’t hijack your account even in that scenario. It would also need real-time access to your text messages (or whichever additional means of verification you choose), which is highly unlikely.
Practice Good Credential Management
Along those same lines, it’s a good idea to vary your credentials among websites. Bots typically get access to accounts by credential stuffing. That means they try information they’ve found from your other accounts or on the dark web until something works.
Normally, credential stuffing is effective because people use the same usernames and passwords across multiple sites. If you use different ones, it quickly becomes ineffective. Bots can’t learn your credentials from another site if they aren’t there.
Be Careful With Your Information
And you can defend against bad bot attacks by posting less personal information online. While that may sound like a given or overly simplistic, it’s a common mistake many people make, and a dangerous one at that. The more details you have across various websites, the more damage a bot attack can do.
By contrast, if you don’t have much information out there, bots won’t be able to do much with your data. With that in mind, try to watch for what you post or enter into forms on the internet. Details like where you live and financial information are particularly important to keep personal.
Using an intermediary like PayPal to checkout on retail sites can help keep this data safe. Alternatively, you can delete sensitive information from your account after making a purchase.
Stay Safe From Bad Bots
Bad bot attacks are a troubling trend, but they’re not impossible to avoid. The first step in staying safe is acknowledging the threat these attacks pose.
You can stay safe if you know what to watch out for and understand the steps to prevent problems. You can then use the internet freely without worrying about your sensitive information leaking.
About The Author
