Bots, programs that are used to automate common tasks for human users, have been around almost as long as computers themselves. Good bots have all kinds of uses. For example, Google uses bots to crawl the web and index web pages so their users can find them easily through Google searches. Adblocking bots help keep website visitors from being bombarded with unwanted ads.
However, not all bots are good bots. Some bots are “bad bots” that may be used for nefarious purposes—such as committing ad fraud. Let’s examine what bad bots are, how they can hurt your online ad campaigns, and what you can do to stop them!
What Is a Bad Bot?
A “bad bot” is an automated software program designed specifically for a malicious purpose.
Some of the potential uses for bad bot programs include:
- Using bots to crawl web pages and steal content
- Serving spam, scraping information, and generating fake ad impressions in online marketing campaigns
- Driving bad ad placements in fraudulent programmatic platforms
- Filling out forms with fake information to create bad leads
- Spamming your organization’s contact or survey forms with bad messages—which can keep you from responding to genuine inquiries
- Posting fraudulent reviews on websites to make products and services look better or worse than they actually are to potential customers
How Do Bad Bots Work?
Bad bots are often created using “zombie bot” software. This software is used to infect devices owned by unsuspecting internet users and turn those devices into drones controlled by the owner of the zombie bot software (the “bot controller”). The bots are integrated into a larger botnet—a collection of devices operated by the same bot controller—and used to perform whatever task the bot controller designed them to perform.
In many cases, these malicious bots are used to commit some kind of cyberattack or large-scale bot fraud scheme. Because the traffic for the fraud is routed through the device owner’s network and not directly from the bot controller, the fraudster is hidden from direct scrutiny. This, in turn, helps the fraudster hide long enough to do serious damage to their intended victim and get away before they’re caught.
5 Ways Bad Bots Can Devastate Your Online Advertising Efforts
What negative effects can bot fraud have on your online marketing campaigns? There are many ways that fraudsters can damage your company by using bots. Some of the more common ways bots hurt your online ad campaigns and your brand include:
1. Tarnishing Your Brand Name and Reputation
If you have been on the internet for more than a few minutes, you have likely come across some bad bot activity. These bad bots usually use fake emails and accounts to trick people into clicking links or purchase products online, leading to bad reviews on your site.
While most of these spam bots are harmless, they still pose a problem because they can lead customers away from your website and cause bad reviews on social media channels like Facebook or Twitter.
Some of the ways that bots can tarnish an organization’s reputation/brand name include:
Bots Can Steal Sensitive Information
Bots can steal sensitive information for their bot controllers. The controllers behind the bots can then use it to spam other websites or sell it to your competitors.
Some bots are even advanced enough to harvest your customers’ financial data, including credit card numbers and social security numbers. What's more, many bad bots are designed specifically to defeat traditional anti-bot countermeasures like CAPTCHA tools. The bad news is that bot fraud is getting harder to control with every day that goes by.
Not only do bad bots steal sensitive information, but bad bots can also contaminate your website traffic leads by filling out forms on your site with fake user profiles or bad data. Some bad bots are even sophisticated enough to replicate human actions when trying to access resources on your website. This helps them hide from simplistic traffic filters that are only meant to counter general invalid traffic (GIVT) instead of sophisticated invalid traffic (SIVT).
Bots Can Cause TCPA Violations
When you rely on bad lead data provided by a bot, that information is often stolen from a real consumer. So, when you try to reach out to those consumers, you do reach a real person. However, that person never actually consented to receive communications from you. This can result in a TCPA violation and fines of $500-$1,500 per incident.
TCPA, or the Telephone Consumer Protection Act of 1991, is a piece of legislation designed to prevent nuisance phone calls. Violations of TCPA can result in class action lawsuits that make headlines in a bad way—potentially damaging your brand image with consumers.
Associating Your Website with Spammy Ads
Ad bots can hijack a website visitor’s web browser software—adding an overlay to websites that injects ads that aren’t even supposed to be there. However, the visitor is often unaware that the ads aren’t part of the website.
So, when visitors see a bunch of spammy ads for fake or inappropriate products on your site, they’ll associate your company brand with those ads. This can create negative PR and cause potential customers to avoid your brand.
2. Bad Bots Can Damage Your SEO Ranking
Your site's ranking on a search engine results page (SERP) depends on many factors: your website’s average load time, content quality, backlinks, etc. However, bad bots can cripple your website by causing your SEO ranking to plummet.
Some of the ways that bad bots can hurt your SEO ranking include:
Spamming Your Website with Questionable Backlinks
Backlinks are one of the factors that Google uses to rank websites and place them high in online search results. Moz calls them “an essential component of off-site SEO.” However, there is such a thing as a bad backlink. Bad bots can be used to spam your website with low-quality links from dubious web domains.
When Google sees that low-quality domains are the primary source of your website’s backlinks, Google may deem your website to be low-quality or assume you paid for bad backlinks and drive your web pages further down their search engine results lists. This may prevent your website from being found in searches—making your website less effective at promoting your brand.
Thankfully, Google has a disavow tool that you can use to make their search engine ignore bad backlinks—though manually tracking down and disavowing the bad backlinks created using bots can be a time-consuming effort.
Crashing Your Website
Distributed denial of service (DDoS) attacks occur when botnets are used to target and overwhelm a single system with the intention of making it unavailable to legitimate users.
Most DDoS attacks last less than four hours, but some can exceed over 200 hours. A shorter DDoS attack, while still bad, won’t hurt your SEO ranking too much, but a longer one will. In the event of an attack, you’ll want to secure your website as soon as you can to help prevent any future attacks.
Bots Steal and Plagiarize Your Content
Copy bots are bad news. They’ll steal all of the high-quality content you’ve carefully crafted for your site and post it elsewhere without your knowledge or permission—and they won’t give you any credit for it, either.
Search engines consider duplicate content as plagiarized. This means that if a copy bot posts the same article on 20 websites at once, Google will think that each one is an original page created by different people…. It may take weeks before Google realizes what has happened.
In the meantime, your site’s SEO ranking could drop as a punishment for copying, even if you’re the original publisher. The worst part is there's no real way to know your content has been scraped unless you're actively checking for it.
Bots Can Slow Your Site Speed
When bots invade your website, they may introduce a significant demand for data resources on your site—even if they aren’t specifically part of a DDoS attack. This excessive data load may cause your site to become unstable or introduce significant input lag. Ad bots can be especially bad for this, since they introduce new interactions and keep website visitors from being able to navigate your site in a normal fashion.
Not only will this cause your users to go elsewhere out of frustration, but it’ll also damage your website’s quality score.
3. They Corrupt Your Analytics
Bad bots can actively interfere with your online marketing campaigns by generating false impressions, clicks, and form fills. In many cases, these fraudulent interactions will skew your marketing data—which can lead to bad decisions in future marketing campaigns. This creates a long-lasting negative impact that hurts your online marketing efforts.
Bots Can Click on Your Ads
Known to advertisers as click fraud, bots interact with your ads by clicking on them, ultimately falsifying your click-through rate (CTR), filling out forms and making it look like you’re getting a conversion when in reality you have no legitimate prospects at all. The bad bot epidemic impacts not just advertisers but businesses as well, with millions of dollars being lost each year due to click fraud. Bot interactions basically render your ad campaigns useless, because you’re paying for ads that only attract false bot clicks. These clicks drain your advertising budget, and then your ad no longer shows legitimate traffic.
Form Bots Can Create Fake Leads
Beyond just clicking ads, more sophisticated bots can even fill out forms on your site, which flood your database with fake customer information, altering your conversion statistics and making it seem as though you have more leads than you do.
Download this e-book to better understand bots, how they affect your digital marketing campaign, and how to minimize your company’s risk with an ad fraud solution. >>
As mentioned earlier, if you’re collecting information like phone numbers and you’re not properly vetting each lead you receive, you could risk TCPA noncompliance if you call the number without proper consent.
4. They Affect Your Revenue
Any cyber threat has the potential to cause a loss of revenue. But when it comes to bots, there’s an even greater risk: bots work exponentially faster than a human hacker who’s trying to bypass security manually. Unlike a human working on a single task, bots can be programmed to harm you financially in more ways than one.
And, when large botnets are created by a malicious actor, you can end up having to deal with dozens of different types of bot-based fraud and cyberattacks at the same time. This can make it significantly more difficult to counter bot fraud.
Some of the ways that bad bots can impact your revenue include:
Spying for Your Competitors
Bad bots, either working on behalf of a competitor or a data reseller, can be designed to crawl your site and gather information such as product details and pricing. This can make it nearly impossible to gain an edge over the competition because your competitors can simply undercut you.
Collecting and Redistributing Your Proprietary Data
Data aggregators are a type of bot that can steal any research you’ve done or data you’ve spent money gathering and release it for free. The value of your now-public data will essentially be nonexistent, so you’ll no longer be able to profit from it.
In extreme cases, bots may even steal your intellectual property (IP) to allow your competitors to recreate your products or services in detail. Additionally, since they didn’t have to invest in the R&D necessary to create the product, they can undercut you more easily even while using the same quality of materials and resources.
Skewing Your Advertising Costs
When bad bots mess with your analytics, it affects the cost of your advertising. Publishers will be able to charge a lot more for ad space because they’ll reference your inflated traffic numbers (even though it’s invalid traffic from bots) instead of looking at your actual traffic. This means that when you place ads, you’ll end up paying higher prices for low-quality traffic.
Bots can also mess with any A/B testing you do. They’ll automatically click on everything, as they’re programmed to do, so you won’t know which ads are actually performing well, nor will you be able to properly optimize your campaigns. This can lead to wasted spending on A/B testing and increased spending overall as you keep trying to figure out what works, only to be thwarted by bots that click on everything.
5. They Target Yours and Your Customers’ Devices
The malicious actors behind bad bots will often do anything and everything they can to make an easy buck. So, they’ll sometimes try to hijack your website and use spam and malware to target anyone who visits your site.
Some examples of the different types of attacks fraudsters might engage in using bots include:
Clickjacking Your Customers
Clickjacking occurs when fraudsters trick website visitors into clicking on a site and filling out a form by making a legitimate web page transparent and layering it over a fake website. The visible page looks completely normal, but when the visitor clicks, they’re actually interacting with the transparent page.
On a clickjacked page, anything can happen. Visitors may be giving hackers and fraudsters access to sensitive information as they click around on the visible site. Clickjacking bots can also trick visitors into activating electronic bank transfers, liking social media pages without their permission, downloading malware, or even making online purchases.
Infecting Your Website’s Code
If your site’s security isn’t up-to-date, it’s easy for bots to inject malware into your HTML header. The code is usually hard to detect, because it looks similar to your site’s real code.
It’s possible for these injected codes to allow bots to redirect your traffic to sites your audience never meant to visit. This is exactly what the MosQUito jQuery script does to Joomla or WordPress sites. The MosQUito script takes traffic coming into your site, either from search or paid advertising, and then directs it elsewhere.
How to Combat the Bad Bots
Catching the bots is just the first half of the challenge, and fighting them can be impossible. The best approach is to take preventative measures so bots can’t touch you in the first place.
Search for Copies of Your Content. Pull a quote or two from your content and do a search for it. If you see a match from a website that you didn’t give permission to use your content, you’re probably a victim of content scraping. You can also use a site like Copyscape to do the heavy lifting for you.
Browse your blog’s comments regularly and delete any comments that contain spam or questionable links. It might take a while, but it means your readers are at a lower risk for malware schemes.
Block Untrustworthy IP Addresses.
It’s not 100% effective, since some bots have multiple IP addresses, but you can block the known addresses of bots to keep them from coming back for another attack.
Block Known Bots.
On top of blocking questionable IP addresses, you can also copy a starter list of known bots to your site’s .htaccess file to block them from accessing your site.
Test the Speed of Your Site.
If you’re continually testing, you’ll know when your site slows down, which could be a sign that bots are infecting your site’s code.
View Your Site in Incognito Mode.
You can keep tabs on your SEO rank this way, and you can also see how your website appears to customers. You’ll know if they’re being served any spam or if they’re getting redirected to an unfavorable site.
Filter Your Traffic.
Traffic filtration helps you block the bad bots before they interact with your site and cost you time and money. You’ll be able to make sure that your ads are appearing to real people and not bots.
No matter what you do, some bad bots will slip through your security net. However, you can make sure that you’re educated about bots and taking every precaution you can to prevent a bot attack. It’ll keep your stress levels down and your customers’ online experience positive.
This article was originally posted in August 2017 and has been republished with new information.