Share This Post

In our last post on bot mitigation definitions we started out with the very basics. Now it’s time to level up and unveil fraudsters’ most used attacks. Ready to learn what they’re up to? Let’s dive right in:

Account Attack Definitions

 Account Creation

Some of the most prevalent attacks revolve around user account creation. A common example would be when an attacker is automatically creating thousands of fake accounts on a website to get a reward (like coupon or digital reward). They will subsequently sell these rewards online to other parties.

Account Takeover

A form of identity theft where a fraudster uses bots to gain access to a victim’s online account for fraudulent transactions and unauthorized scams.

Credential Stuffing, Credential Cracking, Web Cracking & Account Cracking

Also known as “password guessing,” there are many different ways to identify and validate username and password pairs. But whatever it is called, the goal of attempted mass logins is always the same–and that’s to get into accounts to gather data and commit fraud.

Payment Attack Definitions

Card Cracking

Bots are able to use credit cards by “cracking” them. During the process, different numbers are cycled to identify any unknown numbers, expiration dates and security codes.


When fraudsters obtain bulk stolen payment card data, they use bots for multiple payment authorization attempts used to verify the card data validity. Normally they will screen cards on point of sale sites with little protection in place, and before the cards are reported stolen.

Cashing Out

Buying goods or obtaining cash utilizing a validated stolen payment card or other user account data.

Credit Card Fraud

When a fraudster uses stolen or hacked credit card info for unauthorized payments.

Denial of Inventory

Bots attack by booking goods or services online with eCommerce companies without ever completing the purchase or transaction. This holds or reserves the inventory and ‘denies’ it to the legitimate customers.

Gift Card Fraud

Attackers use automated attacks to enumerate gift card numbers and passcodes. The stolen gift cards are then used to purchase goods or the details are resold on the dark web before the legitimate user actually uses the cards.

 Price Scraping

To help gain a competitive advantage, bots are used to gather pricing information and availability from competitors or simply to resell the data to other parties.

Ticket Scalping

Bots will use automation and speed to obtain limited-availability and/or preferred goods/services for resale to make a profit and block legitimate consumers from buying at fair market value.

Other Attack Definitions

 Ad Fraud

Marketers in particular should be concerned with how bots impact their campaigns. With ad fraud, bots falsely click and fraudulently display web advertisements.


CAPTCHA tests users to try and prove if they are human or bot. During CAPTCHA defeat, bots or humans solve the anti-automation tests for a fee.

Vulnerability Scanning

Bots are excellent crawlers and are often sent to collect application information, software and hardware version info and/or other available data to find vulnerable targets. We often see attackers exploit unpatched servers with zero day vulnerabilities before IT can complete new patches.

Data Mining

The process of collecting large amounts of data from the internet.

Distributed Denial-of-Service (DDoS) Attack

On a larger scale than denial of service (DoS), DDoS is an attack that attempts to disrupt the normal traffic of a target server, service, or network by flooding the target or the surrounding infrastructure with internet traffic.

Domain Hijacking

The act of changing the registration of a domain name without the permission of the original owner, or by abuse of privileges on domain hosting and domain registrar systems.

Form Spam

Bots are programmed to find forms, then fill out and submit them with irrelevant or fake information, including ads, abusive language, and spam links.


Adding malicious or questionable information so it appears in public or private content, databases or user messages.


Now that you are an expert in all things bot mitigation, put it to the test. Contact us to schedule a demo of our BotRx ProTx bot mitigation solution and see all of the definitions come to life.

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore