People are desperate for a change of scenery after spending months staring at the same four walls during the global pandemic. As restrictions begin to relax, travelers have wasted no time in planning trips more exhilarating than the one from their living room couch to the kitchen chair. While online searches for safe travel returns lists and tips including airing out your vacation rental and toting your own disinfectant, you don’t typically see ‘use strong credentials on travel booking sites.’ And that’s a serious problem. Because any time there is an uptick in online activity, fraudsters are there to sniff out opportunities to use malicious bots for financial gain.
Unlike other types of cybercrime, employing bots is cheap and achievable even without specialized knowledge. The process is made even easier when consumers reuse their username/password combinations, which are often the only barrier between a malicious bot and credit card information.
Protecting the Travel Industry From Bots
We’re never going to reach a point where every user has perfect cyber hygiene. It’s far more likely that companies and organizations will implement stricter security controls first. You see, if a consumer’s credit card information is stolen and used for illegitimate transactions, there is a safety net. Major payment networks flag and block transactions as part of a range of benefits to cardholders.
In the case of travel industry companies, if bots are used to scrape content, the same safety net doesn’t exist for their finances. The process of collecting data from websites isn’t illegal. In fact, there is an entire market for scrapers and companies that provide those services, which are sometimes used for good. But when it’s used for nefarious purposes, web scraping bots can collect and deliver pricing, product descriptions, and images to third-party websites, which increases the cost of networks, damages search engine optimization (SEO) rankings and can even direct consumers to competitor websites.
Car Rental Companies Feeling the Brunt of Bad Bots
What could these bot attacks look like for the rest of summer, and through the year? For one thing, the airline industry is not poised to rebound anytime soon. In the meantime, a safer and more favorable way to travel is by car. What may sound like good news to rental giants like Hertz, which has been struggling to stay afloat after COVID-19 evaporated a majority of its sales overnight, also puts companies in danger of scraping and account takeover attacks (ATO).
China, which has led the COVID-19 timeline, has recently reported their rental car sector is set to exceed $14.4 billion. The orders on China’s largest online travel agency, Trip.com, which operates more than 2,000 car rental companies, are expected to increase by 30 percent on a yearly basis. Plus, nearly two-thirds of its car rental customers are new users this year, indicating growth of user accounts. This increase creates not only more opportunities to hijack accounts, but for fake account creation. When this occurs it can skew a variety of KPIS and metrics like user engagement that help the decision making process of eCommerce companies.
These serve as just examples of what could come. As life continues to shift and rebound around the world, it will be increasingly important to know who and what is in your traffic. At BotRx we uncover the real users behind eCommerce website and mobile app traffic with business logic analytics and detailed fingerprinting. Using Moving Target Defense (MTD), machine learning, artificial intelligence, and behavioral analytics, attackers are quickly identified and stopped before they can perform malicious activities including ATO, account hijacking, and content/price scraping.
If and when fraudsters move to human-powered attacks for high-value targets, BotRx continues to provide the same level of protection with built in business logic analytics to proactively identify manual attacks from legitimate customer transactions.
To stay safe and learn more about bot attacks in a pandemic world, read our blog series.