Online shopping is the way to go these days but it may not be so easy to get hold of the ps5 you wanted for your kid because they have all sold out in seconds. Does not matter if it’s Thanksgiving, Black Friday, Christmas or New Year’s sales, the good stuffs get bought quickly before anyone can. Not by human but by some nefarious PC program popularly known as the Grinch Bot.
What is a Bot?
A bot is a computer program that acts as per the instructions of the owner autonomously. In this case they are using legitimate credit cards to buy goods online. These automated codes are the easiest method for attackers to get their hands on these goods. Because of their ability to rapidly repeat a specific task, bots are used to do things at speed that humans can’t or simply won’t do.
How serious is it?
As much as 97 percent of all online traffic to retailer login pages in 2019 holiday shopping week came from bots that were mostly operated by organized gangs of online crooks, according to estimates by cybersecurity firm Radware. They also crack into accounts, pinch rewards from accounts and other digital currency, carry out credit card fraud, and much more. Much like spywares.
These bots are used by resellers, particularly during the holiday shopping season, to purchase popular items online. They can often buy out the full inventory before any humans get a chance to place an order. The items are then resold at inflated prices.
The bots are getting sophisticated by the day. They can clear CAPTCHAS and other security measures to beat customers to the purchase.
When did Grinch bot start and how did the name come to be?
The Grinch is a fictional character created by Dr. Seuss. He is best known as the main character of the 1957 children’s book How the Grinch Stole Christmas. Aided by his pet dog, Max, he disguises himself as Santa Claus and breaks into the Whos’ homes to steal everything they own and dump it off a nearby mountain. This is how the name for the Grinch bot was aptly coined.
It is actually unclear when it all started but we first heard about Grinch Bots in 2017 when online entities began using cyberbots to hoard popular goods as soon as they hit the market or went on sale for Black Friday. The aim is to increase demand and control the supply for everything from game consoles to event tickets and make money by spiking up their resale prices on sites like eBay.
Two brothers bought a bunch of Hatchimals toy of 2016 to force families to pay large markups to get the toy. It was like an crude version of the Grinch-bot scandal. Interviewed by Time magazine, the brothers were blatant and in fact, they were proud. “We didn’t break any laws,” one brother, Mike Zappa, said. “And we aren’t dictating how the market is pricing the toys on eBay. What we are doing is capitalism at its best.”
Tips to beat Grinch bot:
- Don’t reuse the same password on multiple sites. It is a good idea to use a password manager and two factor authentications.
- Don’t fall for the Grinch bots so don’t buy from third party vendors like ebay.
- On the retail website look for https: which means it’s encrypted.
- Checkout with paypal or other payment service instead of a credit card so that if the site gets breached, your credit card is not leaked.
- Check credit card statement regularly for fraudulent activity.
Stopping Grinchbots Act
This bill makes it unlawful to use automated tools (i.e., bots) to intentionally bypass a website’s security measures in order to purchase and resell its products or services in interstate commerce. This bill was first introduced in the house of United States in 2018. It seems the bill hasn’t passed into a law yet.
It is so easy to make a Grinch bot
Youtube is full of videos teaching how to build a sneaker bot or a Grinch bot. There are reviews, comparisons, how tos etc readily available to try out for interested people. So it is up to the stores to step up their security game and come up with mechanisms to counter these.