top of page
  • Admin

Sneaky Bad Bots Do Damage--The Five Baddest Bots Of All

Published: May 21, 2021 on our newsletter Security Fraud News & Alerts Newsletter.

For many of us, understanding bots – what they are, how they work, and what they do is a mystery. Bots, or internet robots, are used to facilitate and automate repetitive actions and can be very helpful in business and other settings. You can also think of them as spiders, web bots, and crawlers, and there are good bots and unfortunately, bad bots too. Easy to install via download, bad bots typically use a malicious link in a phishing email or social media message to infect a device or an entire network. Taking a look at last year’s top five most vicious bots can help explain just how bad a bot can be.

Bot Stats – The United States vs. The World

According to a study by Imperva, “Bad Bot Report 2021,” the U.S. takes the number one spot among countries originating the top five bad bot traffic, with a 40.5% share – up from 11.8% the previous year. China takes the number two spot with 5.2%. And again, at number one, the U.S. is the most bot-attacked country in the world at 37.2% and China is next at 8.3%.


1. Account Takeover (ATO) Bots. Considered the most nefarious bots of all, ATOs are a type of identity theft where cybercriminals use bots to get illegal access to user accounts through credential stuffing attacks. Bot’s “stuff” the login credentials into user accounts until a match is found. For these bad bots, identity theft with a heaping helping of financial fraud is always on the ATO menu.

2. Scalping Bots, aka Ticketbots, Grinchbots, Sneakerbots, and more. They’re a new twist to the age-old scam of gaining profits by buying up a stockpile of whatever they can, especially products that have limited availability. From the latest sneaker release to video games to PPE during the pandemic, scalping bots allow bad actors to resell the products at a much higher price. Scalping bots do the work and hackers rake-in the profits.

3. Carding and Card Cracking Bots. Financial fraud is the goal of these bad bots. They pose a huge threat to financial services, retail, entertainment, travel, and more. Anywhere payments are made with a credit card are vulnerable to this threat. Carding bots verify stolen payment card numbers by making small purchases before much larger purchases are made by fraudsters. Card Cracking bots fill in missing information like CVV numbers and expiration dates so they too can be used for unauthorized purchases.

4. Denial of Service. These bad bots are used to bombard targeted websites with clicks from all over the world. Like most malicious activity, this starts with phishing emails. Once infected, people unwittingly "lend" their computer or device to be part of huge pools of devices that all visit a website at the same time, repeatedly. Websites get overwhelmed with the clicks and eventually crash.

5. Scraping Bots for Price and Content. Some data theft can directly affect a business. Business competitors use scraping bots to get prices a competitor is offering, allowing them to offer lower prices for the same goods and services online. They’re sneaky and they’re legal to use.

Want to schedule a conversation? Please email us at

bottom of page