Unmasking the Dangers of Fake Registrations by Bad Bots


Fake registrations by bad bots involve the automated creation of false accounts or registrations on digital platforms. These bots, designed by cybercriminals, mimic human behavior to exploit vulnerabilities in registration processes. By inputting fictitious or stolen identity information, these accounts appear legitimate but serve malicious purposes. Bad bots execute these actions to spam platforms, harvest sensitive data, or engage in other fraudulent activities, jeopardizing the integrity of online spaces and compromising user security. This menace not only undermines the credibility of digital platforms but also poses significant threats to businesses and users.

Monetary Gains by Using Bad Bots

One interesting use case involves an F&B customer of Radware that recently ran a sweepstakes contest for its customers. Participants just had to fill in a form on a separate promotional webpage with their information and submit it. Thirty randomly selected participants would be awarded $500 cash and one month’s supply of the company’s best-selling product in the form of coupons. However, opportunists took the chance to gain more by doing less.

They employed bots to submit fake registrations and increase their chances of winning, so much so that there were more than 490 bad bot hits on the platform, with 145,000 fake registrations identified within just a week.

Figure 1: Bad bot hits recorded on the retailer’s promotional webpage.

Of the 380,000 entries, more than 125,000 were fake entries made by bad bots, which means that around 34% of the entries came from bad bots.

Figure 2: Comparison between genuine and fake registrations on the retailer’s portal.

The issue of bad bots filling fake registrations for winning contests holds significant implications due to its prevalence and the substantial harm it can inflict on businesses and individuals alike:

  1. Rampant Contest Manipulation: Manipulation by bots distorts the fairness and authenticity of such competitions, misleading organizers and affecting genuine participants’ chances of winning.
  2. Widespread Impact: Organizers across these sectors face an ongoing battle against automated entries that skew results and compromise the integrity of their contests.
  3. Loss of Credibility and Trust: Authentic participants might question the fairness of the contests, impacting their trust in the brand or platform.
  4. Financial Losses and Resource Drain: Companies might allocate resources for prizes, marketing, or event planning, only to have the results invalidated by bot-driven fake registrations.
  5. Diminished User Engagement and Participation: Decreased user engagement and participation can impact the success of future promotions or campaigns, affecting businesses’ marketing strategies.

How Does Fake Registration Take Place:

Figure 3: How fake registration takes place

Malicious bots, equipped with automated scripts, infiltrate registration forms on websites or apps and fill in the fields with randomly generated or predefined information. In our customer’s case, the scripts would click on “Enter Now”, which created a new registration with encrypted values. The script then refreshed the same webpage, or opened the webpage in a new tab, and submitted the request again, creating a new set of encrypted values that would be recognized as valid submissions for the contest.

Figure 4: Fake registrations identified on retailer’s portal

The image illustrates the impact of automated scripts running simultaneously, launching multiple browser instances on their initial hit and orchestrating a multitude of contest registrations. What’s striking is the volume of activity stemming from a single IP address within a mere week: over 80,000 bot-driven interactions occurred, resulting in 35,000 successful unique registrations.
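The single-IP pattern described above (reload the form, submit, repeat) is easy to surface from registration logs. The following is an added example, not code from Radware or the customer; the event format, thresholds and sample log are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def flag_registration_abuse(events, window=timedelta(minutes=10), max_submits=5):
    """Return {ip: stats} for IPs whose accepted submissions exceed
    max_submits inside any sliding window of the given length.
    events: iterable of (timestamp, ip, action, accepted) tuples (assumed format)."""
    recent = defaultdict(deque)   # ip -> timestamps of accepted submits still in window
    stats = defaultdict(lambda: {"hits": 0, "registrations": 0, "peak": 0})
    for ts, ip, action, accepted in sorted(events):
        s = stats[ip]
        s["hits"] += 1            # every request counts as an interaction
        if action != "submit" or not accepted:
            continue
        s["registrations"] += 1
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop submits older than the window
            q.popleft()
        s["peak"] = max(s["peak"], len(q))
    return {ip: dict(s) for ip, s in stats.items() if s["peak"] > max_submits}

def build_sample_events():
    """Constructed sample log using documentation-range IPs, not real traffic."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    events = []
    # One scripted client: reload the form, submit, repeat every 20 seconds.
    for i in range(30):
        t = t0 + timedelta(seconds=20 * i)
        events.append((t, "203.0.113.7", "load", False))
        events.append((t + timedelta(seconds=2), "203.0.113.7", "submit", True))
    # Two ordinary visitors: one form load and one submission each.
    for n, ip in enumerate(["198.51.100.10", "198.51.100.11"]):
        t = t0 + timedelta(minutes=3 * n)
        events.append((t, ip, "load", False))
        events.append((t + timedelta(seconds=45), ip, "submit", True))
    return events

if __name__ == "__main__":
    for ip, s in flag_registration_abuse(build_sample_events()).items():
        print(ip, s)
```

Per-IP counting only catches the concentrated case shown in the figure; shared addresses (NAT, mobile carriers) and bots spread across many IPs need additional signals such as device or behavioral attributes.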

The consequences of such rampant bot usage extend far beyond mere numbers. For authentic participants, this inundation of bot-driven registrations dramatically skews the fairness of contests or promotions. The chances of genuine entrants winning prizes or securing coveted spots are significantly diminished in the face of this automated onslaught.

How Can Bot Manager Help to Curb Fake Registrations:

A Bot Manager plays a crucial role in curbing fake registrations by employing sophisticated technologies and strategies specifically designed to detect and prevent bot-driven activities. Here’s how Radware Bot Manager can help mitigate fake registrations:

  1. Intent-Based Deep Behavioral Analysis:
    Radware utilizes Intent-based Deep Behavioral Analysis (IDBA) to distinguish genuine human interactions from sophisticated bot activity. IDBA detects advanced bots with human-like interactions, significantly reducing false positives in identifying fake registrations.
  2. Handling Bot Traffic in Multiple Ways:
    Radware Bot Manager allows custom actions based on bot types, such as showing challenges like CAPTCHAs to suspected non-human traffic. Challenges and custom actions disrupt automated attempts, preventing fake registrations by bots targeting web properties.
  3. Transparent Reporting and Comprehensive Analytics:
    The Bot Manager provides granular classification of bot types and comprehensive analytics for efficient management of non-human traffic. These offer clear insights into bot intent and aid in the identification and management of fake registrations on internet properties.
  4. Widest Mitigation Options:
    Radware’s various mitigation options include Crypto Challenge and CAPTCHA-less mitigation with Blockchain-based Cryptographic Proof of Work. This innovative mitigation method creates CPU-intensive browser-based challenges against anomalies in user behavior and stops sophisticated bot attacks without impacting customer experience.
  5. Mobile Application Protection Capabilities:
    Radware’s integrated device authentication and secure identity protect mobile apps against bot attacks, enhancing mobile app security, ensuring only genuine devices access resources, and stopping bot attacks on mobile apps.
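To make the proof-of-work idea mentioned above concrete, here is a generic hashcash-style sketch, added as an example: it is not Radware's Crypto Challenge implementation, and the challenge format, function names and parameters are assumptions. Each form submission must carry a solved, server-signed, single-use challenge, so a refresh-and-resubmit loop pays CPU cost per entry.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)   # per-deployment secret, kept server-side (assumption)
_spent = set()                # challenges already redeemed (in-memory for the example)

def issue_challenge(difficulty_bits=16, now=None):
    """Server: hand the form a signed, time-stamped challenge."""
    now = int(time.time() if now is None else now)
    body = f"{os.urandom(8).hex()}:{now}:{difficulty_bits}"
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{tag}"

def _meets(challenge, counter, bits):
    """True if SHA-256(challenge|counter) starts with `bits` zero bits."""
    digest = hashlib.sha256(f"{challenge}|{counter}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def solve(challenge):
    """Client: brute-force a counter that satisfies the difficulty."""
    bits = int(challenge.split(":")[2])
    counter = 0
    while not _meets(challenge, counter, bits):
        counter += 1
    return counter

def verify(challenge, counter, max_age=120, now=None):
    """Server: accept only a genuine, fresh, unspent, correctly solved challenge."""
    now = int(time.time() if now is None else now)
    try:
        nonce, issued, bits, tag = challenge.split(":")
        body = f"{nonce}:{issued}:{bits}"
        expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return False      # forged or altered challenge (e.g. lowered difficulty)
        if now - int(issued) > max_age or challenge in _spent:
            return False      # expired or replayed
        if not _meets(challenge, int(counter), int(bits)):
            return False      # work not done
    except (ValueError, TypeError):
        return False          # malformed input
    _spent.add(challenge)
    return True
```

In a multi-server deployment the spent-challenge set would live in a shared store with entries expiring after `max_age`.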

Neetu Singh

Neetu Singh is a cybersecurity solution lead with Radware. In her role, she specializes in application security and threat intelligence, working closely with Radware's product and threat research teams. Here she has led marketing initiatives, partnerships, collaborations, and campaigns for enterprise and SMB markets. She frequently writes about cloud trends, industry 4.0 and SMAC (social, mobile, analytics and cloud) among other topics. Neetu holds an MBA in marketing from NMIMS University in Mumbai.
