Get the Latest Updates from Anura
Subscribe to Email Updates
Bots, programs that are used to automate common tasks for human users, have been around almost as long as computers themselves. Good bots have all kinds of uses. For example, Google uses bots to crawl the web and index web pages so their users can find them easily through Google searches. Adblocking bots help keep website visitors from being bombarded with unwanted ads.
However, not all bots are good bots. Some bots are “bad bots” that may be used for nefarious purposes—such as committing ad fraud. Let’s examine what bad bots are, how they can hurt your online ad campaigns, and what you can do to stop them!
Get started with a free trial today to see exactly how much you could be losing to ad fraud.
A “bad bot” is an automated software program designed specifically for a malicious purpose. Some of the potential uses for bad bot programs include:
Bad bots are often created using “zombie bot” software. This software is used to infect devices owned by unsuspecting internet users and turn those devices into drones controlled by the owner of the zombie bot software (the “bot controller”). The bots are integrated into a larger botnet—a collection of devices operated by the same bot controller—and used to perform whatever task the bot controller designed them to perform.
In many cases, these malicious bots are used to commit some kind of cyberattack or large-scale bot fraud scheme. Because the traffic for the fraud is routed through the device owner’s network and not directly from the bot controller, the fraudster is hidden from direct scrutiny. This, in turn, helps the fraudster hide long enough to do serious damage to their intended victim and get away before they’re caught.
What negative effects can bot fraud have on your online marketing campaigns? There are many ways that fraudsters can damage your company by using bots. Some of the more common ways bots hurt your online ad campaigns and your brand include:
If you have been on the internet for more than a few minutes, you have likely come across some bad bot activity. These bad bots usually use fake emails and accounts to trick people into clicking links or purchase products online, leading to bad reviews on your site.
While most of these spam bots are harmless, they still pose a problem because they can lead customers away from your website and cause bad reviews on social media channels like Facebook or Twitter.
Some of the ways that bots can tarnish an organization’s reputation/brand name include:
Bots can steal sensitive information for their bot controllers. The controllers behind the bots can then use it to spam other websites or sell it to your competitors.
Some bots are even advanced enough to harvest your customers’ financial data, including credit card numbers and social security numbers. What's more, many bad bots are designed specifically to defeat traditional anti-bot countermeasures like CAPTCHA tools. The bad news is that bot fraud is getting harder to control with every day that goes by.
Not only do bad bots steal sensitive information, but bad bots can also contaminate your website traffic leads by filling out forms on your site with fake user profiles or bad data. Some bad bots are even sophisticated enough to replicate human actions when trying to access resources on your website. This helps them hide from simplistic traffic filters that are only meant to counter general invalid traffic (GIVT) instead of sophisticated invalid traffic (SIVT).
When you rely on bad lead data provided by a bot, that information is often stolen from a real consumer. So, when you try to reach out to those consumers, you do reach a real person. However, that person never actually consented to receive communications from you. This can result in a TCPA violation and fines of $500-$1,500 per incident.
TCPA, or the Telephone Consumer Protection Act of 1991, is a piece of legislation designed to prevent nuisance phone calls. Violations of TCPA can result in class action lawsuits that make headlines in a bad way—potentially damaging your brand image with consumers.
Ad bots can hijack a website visitor’s web browser software—adding an overlay to websites that injects ads that aren’t even supposed to be there. However, the visitor is often unaware that the ads aren’t part of the website.
So, when visitors see a bunch of spammy ads for fake or inappropriate products on your site, they’ll associate your company brand with those ads. This can create negative PR and cause potential customers to avoid your brand.
Your site's ranking on a search engine results page (SERP) depends on many factors: your website’s average load time, content quality, backlinks, etc. However, bad bots can cripple your website by causing your SEO ranking to plummet.
Some of the ways that bad bots can hurt your SEO ranking include:
Backlinks are one of the factors that Google uses to rank websites and place them high in online search results. Moz calls them “an essential component of off-site SEO.” However, there is such a thing as a bad backlink. Bad bots can be used to spam your website with low-quality links from dubious web domains.
When Google sees that low-quality domains are the primary source of your website’s backlinks, Google may deem your website to be low-quality or assume you paid for bad backlinks and drive your web pages further down their search engine results lists. This may prevent your website from being found in searches—making your website less effective at promoting your brand.
Thankfully, Google has a disavow tool that you can use to make their search engine ignore bad backlinks—though manually tracking down and disavowing the bad backlinks created using bots can be a time-consuming effort.
Distributed denial of service (DDoS) attacks occur when botnets are used to target and overwhelm a single system with the intention of making it unavailable to legitimate users.
Most DDoS attacks last less than four hours, but some can exceed over 200 hours. A shorter DDoS attack, while still bad, won’t hurt your SEO ranking too much, but a longer one will. In the event of an attack, you’ll want to secure your website as soon as you can to help prevent any future attacks.
Copy bots are bad news. They’ll steal all of the high-quality content you’ve carefully crafted for your site and post it elsewhere without your knowledge or permission—and they won’t give you any credit for it, either.
Search engines consider duplicate content as plagiarized. This means that if a copy bot posts the same article on 20 websites at once, Google will think that each one is an original page created by different people…. It may take weeks before Google realizes what has happened.
In the meantime, your site’s SEO ranking could drop as a punishment for copying, even if you’re the original publisher. The worst part is there's no real way to know your content has been scraped unless you're actively checking for it.
When bots invade your website, they may introduce a significant demand for data resources on your site—even if they aren’t specifically part of a DDoS attack. This excessive data load may cause your site to become unstable or introduce significant input lag. Ad bots can be especially bad for this, since they introduce new interactions and keep website visitors from being able to navigate your site in a normal fashion.
Not only will this cause your users to go elsewhere out of frustration, but it’ll also damage your website’s quality score.
Bad bots can actively interfere with your online marketing campaigns by generating false impressions, clicks, and form fills. In many cases, these fraudulent interactions will skew your marketing data—which can lead to bad decisions in future marketing campaigns. This creates a long-lasting negative impact that hurts your online marketing efforts.
Known to advertisers as click fraud, bots interact with your ads by clicking on them, ultimately falsifying your click-through rate (CTR), filling out forms and making it look like you’re getting a conversion when in reality you have no legitimate prospects at all. The bad bot epidemic impacts not just advertisers but businesses as well, with millions of dollars being lost each year due to click fraud. Bot interactions basically render your ad campaigns useless, because you’re paying for ads that only attract false bot clicks. These clicks drain your advertising budget, and then your ad no longer shows legitimate traffic.
Beyond just clicking ads, more sophisticated bots can even fill out forms on your site, which flood your database with fake customer information, altering your conversion statistics and making it seem as though you have more leads than you do.
Download this e-book to better understand bots, how they affect your digital marketing campaign, and how to minimize your company’s risk with an ad fraud solution. >>
As mentioned earlier, if you’re collecting information like phone numbers and you’re not properly vetting each lead you receive, you could risk TCPA noncompliance if you call the number without proper consent.
Any cyber threat has the potential to cause a loss of revenue. But when it comes to bots, there’s an even greater risk: bots work exponentially faster than a human hacker who’s trying to bypass security manually. Unlike a human working on a single task, bots can be programmed to harm you financially in more ways than one.
And, when large botnets are created by a malicious actor, you can end up having to deal with dozens of different types of bot-based fraud and cyberattacks at the same time. This can make it significantly more difficult to counter bot fraud.
Some of the ways that bad bots can impact your revenue include:
Bad bots, either working on behalf of a competitor or a data reseller, can be designed to crawl your site and gather information such as product details and pricing. This can make it nearly impossible to gain an edge over the competition because your competitors can simply undercut you.
Data aggregators are a type of bot that can steal any research you’ve done or data you’ve spent money gathering and release it for free. The value of your now-public data will essentially be nonexistent, so you’ll no longer be able to profit from it.
In extreme cases, bots may even steal your intellectual property (IP) to allow your competitors to recreate your products or services in detail. Additionally, since they didn’t have to invest in the R&D necessary to create the product, they can undercut you more easily even while using the same quality of materials and resources.
When bad bots mess with your analytics, it affects the cost of your advertising. Publishers will be able to charge a lot more for ad space because they’ll reference your inflated traffic numbers (even though it’s invalid traffic from bots) instead of looking at your actual traffic. This means that when you place ads, you’ll end up paying higher prices for low-quality traffic.
Bots can also mess with any A/B testing you do. They’ll automatically click on everything, as they’re programmed to do, so you won’t know which ads are actually performing well, nor will you be able to properly optimize your campaigns. This can lead to wasted spending on A/B testing and increased spending overall as you keep trying to figure out what works, only to be thwarted by bots that click on everything.
The malicious actors behind bad bots will often do anything and everything they can to make an easy buck. So, they’ll sometimes try to hijack your website and use spam and malware to target anyone who visits your site.
Some examples of the different types of attacks fraudsters might engage in using bots include:
Clickjacking occurs when fraudsters trick website visitors into clicking on a site and filling out a form by making a legitimate web page transparent and layering it over a fake website. The visible page looks completely normal, but when the visitor clicks, they’re actually interacting with the transparent page.
On a clickjacked page, anything can happen. Visitors may be giving hackers and fraudsters access to sensitive information as they click around on the visible site. Clickjacking bots can also trick visitors into activating electronic bank transfers, liking social media pages without their permission, downloading malware, or even making online purchases.
If your site’s security isn’t up-to-date, it’s easy for bots to inject malware into your HTML header. The code is usually hard to detect, because it looks similar to your site’s real code.
It’s possible for these injected codes to allow bots to redirect your traffic to sites your audience never meant to visit. This is exactly what the MosQUito jQuery script does to Joomla or WordPress sites. The MosQUito script takes traffic coming into your site, either from search or paid advertising, and then directs it elsewhere.
Catching the bots is just the first half of the challenge, and fighting them can be impossible. The best approach is to take preventative measures so bots can’t touch you in the first place.
Related Reading: How to Protect Your Brand and Consumers From Bad Bots
Search for Copies of Your Content. Pull a quote or two from your content and do a search for it. If you see a match from a website that you didn’t give permission to use your content, you’re probably a victim of content scraping. You can also use a site like Copyscape to do the heavy lifting for you.
Delete Spam. Browse your blog’s comments regularly and delete any comments that contain spam or questionable links. It might take a while, but it means your readers are at a lower risk for malware schemes.
Block Untrustworthy IP Addresses. It’s not 100% effective, since some bots have multiple IP addresses, but you can block the known addresses of bots to keep them from coming back for another attack.
Block Known Bots. On top of blocking questionable IP addresses, you can also copy a starter list of known bots to your site’s .htaccess file to block them from accessing your site.
Test the Speed of Your Site. If you’re continually testing, you’ll know when your site slows down, which could be a sign that bots are infecting your site’s code.
View Your Site in Incognito Mode. You can keep tabs on your SEO rank this way, and you can also see how your website appears to customers. You’ll know if they’re being served any spam or if they’re getting redirected to an unfavorable site.
Filter Your Traffic. Traffic filtration helps you block the bad bots before they interact with your site and cost you time and money. You’ll be able to make sure that your ads are appearing to real people and not bots.
No matter what you do, some bad bots will slip through your security net. However, you can make sure that you’re educated about bots and taking every precaution you can to prevent a bot attack. It’ll keep your stress levels down and your customers’ online experience positive.
This article was originally posted in August 2017 and has been republished with new information.
Get started fighting bots & ad fraud, in our eBook: Bots 101. Get yours now!
Subscribe to Email Updates