‘Jingle bots’ are artificially ramming online shopping baskets to use up stock

I have my reservations about this story because we spend a lot of time in our office poring over the news for interesting stories and takes, and we haven’t seen it reported like this before. But it comes from a company called Radware, which is a publicly traded web app security company, so by the same token it would be odd if it was completely fabricated. A study by the firm has found that only a third of shoppers on e-commerce sites were in fact real people browsing for products over the Black Friday and Cyber Monday shopping period. The rest were a flood of bots (digital tools designed to mimic real-world users) deployed to jam warehouse inventory and reduce availability of items for real shoppers. They are nicknamed ‘Jingle bots’, a faintly revolting name that evokes disease, and their creators’ goal is to “put thousands of items into online retailers’ shopping baskets making the stock unavailable to genuine shoppers, or even redirect them to a competitor’s site,” according to Radware. The firm said it had reviewed millions of transactions across the globe, and found that almost half (45%) of traffic on product pages was made up of these bots. It is not clear who is responsible, because there are several reasons somebody might want to do this. It could just be hackers causing mayhem for a laugh. It could be corporate espionage by companies ‘scraping’ their rivals’ websites for up to date pricing – which is often updated in real time on the slickest sites in order to try and close deals with customers effectively. Or it could even be nation state attacks “intended to disrupt an economy”, says Radware. Pascal Geenens, security researcher at the firm, is warning shoppers and retailers to beware: “If you intend to buy presents online and see a low stock figure on an item it’s probably because bots are holding up stock. It’s worth checking back as the stock could change over the course of the day. “You’ll notice more and more sites will set a time limit on your check out to try and ensure stock gets to genuine customers and prevent their warehouses from being brought to a stand-still. These sites are actively managing things so it’s a good sign they are working on preventing bots from causing chaos.” You don’t need to be working in retail to appreciate how this phenomenon illuminates the risks to all type of businesses. With every passing year, business activities in every industry become more closely intertwined with and reliant on the internet, and if this bot-detecting analysis is accurate, the sheer scale of this malevolent online behaviour should be enough to make us all cautious. Word of the day then is ‘security’. Have a chat with whoever is responsible for your company’s online dependencies, and let them know about this story. It could prompt a minor interrogation of your setup and ensure that your webhost or IT team are on their toes.