Study: Bots pose major online fraud threat

Randy Bryce, an ironworker seeking to unseat Representative Paul Ryan of Wisconsin, purchased Devumi followers in 2015, when he was a blogger and labor activist. Louise Linton, the wife of the Treasury secretary, Steven Mnuchin, bought followers when she was trying to gain traction as an actress. Using different tricks, the bots are able to fool retail sites into thinking that they’re legitimate customers. By obtaining a valid cookie, they scrape the website’s inventory to impersonate a human being.

It has threatened to criminalise scalping for events at these facilities. The project also aims to explore the ways that trust is built between anonymous participants in a commercial transaction for possibly illegal goods. Perhaps most surprisingly, not one of the 12 deals the robot has made has ended in a scam. The gallery is next door to a police station, but the artists say they are not afraid of legal repercussions of their bot buying illegal goods. “When there is no competition to incentivize better services and fair prices, we all suffer the consequences,” Klobuchar said. The motion, which focused on games consoles and computer components, said a ban would “deny unscrupulous vendors the chance to make themselves vast profits at the expense of genuine gamers and computer users”.

Escalating Fraudulent Online Transactions

There’s hundreds of people with bots that are running for Switches, Oculus, and Webcams,” one moderator of the community said in the Discord group chat. “Yeah mine are taking so long to deliver I want them to hurry up while everyone stills [sic] has some money,” one apparent reseller said referring to their Switch orders. This week, around 600 users were in the Bird Bot support Discord server when Motherboard joined, and chat logs from the server indicate it has had up to 1,000 participants recently. You can foun additiona information about ai customer service and artificial intelligence and NLP. Some of the users explicitly say in sections of the group chat that they are trying to sell consoles, or they share screenshots of offers they have received for their stock.

The bots are even loaded with CAPTCHA-solving solutions that solve these kinds of Turing tests, which are designed to block such automated tools. In-store releases used to be the defacto way to sell new sneakers. These retail store events have become less common as they’re a sure bet for logitistical chaos—and sometimes violence. Today, the majority of new sneakers are released and sold online. But for sneaker brands and retailers, the relationship is more complicated.

Scalper bots circumvent traditional detection methods and controls to buy any in-demand item imaginable, faster than any could, to be resold at a profit. According to a report published by bot management specialists Netacea, almost half of Americans believe that they have been unable to buy what they wanted because of suspected scalper bot activity. Miquela is not a traditional “bot” — her activity is not necessarily automated — but she is straddling a new frontier of what it means to be a human versus a machine. Her followers respond to her posts as though they are talking to a real person, but there’s no telling who’s talking back. The Signifyd study also showed that AI-based bot-driven fraud attacks against retailers increased every month year-over-year between August 2022 and April 2024, peaking with a 137% spike in January 2024.

A timeline of Quincy Jones’ career in 15 essential songs

At least five Devumi influencer customers are also contractors for HelloSociety, an influencer agency owned by The New York Times Company. Over two years, the Democratic public relations consultant and CNN contributor Hilary Rosen bought more than a half-million fake followers from Devumi. Ms. Rosen previously spent more than a decade as head of the Recording Industry Association of America.

Ben Leventhal, who co-founded the reservation site Resy, in 2014, agreed to meet me for dinner to fill me in on the new restaurant-booking landscape. He left Resy four years ago, after American Express bought the company, and he has since created a customer-loyalty app called Blackbird, which doesn’t make bookings but rewards customers with the restaurant equivalent of frequent-flyer points. Earlier, he’d told me, “The average diner in New York ChatGPT App City is massively disadvantaged, and they don’t even know it. It’s as if they’re bringing a knife to a gunfight.” He’d suggested we meet at Ralph Lauren’s Polo Bar, on East Fifty-fifth Street—one of the most sought-after tables in town. (He booked it.) I found him, wearing a trim blue suit and sitting at a table by a fireplace in the equestrian-themed bar. Countless fans who had registered to receive presale codes struggled to buy tickets.

How bots help snatch up PlayStation 5 consoles with superhuman speed

He also notes that specialist small gaming stores have been much harder to crack because they use Captcha to discombobulate bots. Buying up stock as soon as it drops and reselling it at a higher price seems, to some, ethically unsound. While many bemoan the practice in tweet threads and Discord channels, others have taken advantage of the scarcity of everything from sneakers to games consoles, Ikea clocks and even snack food — forming so-called “cook groups.” In July, one Australian scalping group bragged about getting into the back end of Big W and purchasing consoles before they even went live on the company’s webpage. The group proudly touted its win on its Instagram page, but Big W said that “all attempts at placing fraudulent orders” were unsuccessful.

• AI-driven super bots comprised 33% of observed activity and employed advanced evasion techniques to bypass traditional detection tools.
• But in January last year, Ms. Ireland had only about 160,000 followers.
• Chris has spent hours examining the Supreme site’s source code, looking for changes that could affect the bot’s success rate.
• Phil Pallen, a brand strategist based in Los Angeles, offers customers “growth & ad campaigns” on social media.
• Almost immediately, Swift tickets popped up on the secondary market.

Nate acknowledged that the bot is designed for both resellers and people who want to grab a Switch for themselves. Because the sneakers are so valuable to resellers and collectors, the bots designed to snag them are also in high demand. CyberAIO’s speed and its ability to stay one step ahead of companies’ defenses give fans a leg up on the competition. Lucas, the bot’s creator, charges people £200 (about $256) up front for the right to use the bot, with another £50 subscription fee charged every six months.

Fraudsters are taking advantage of tools, such as highly customized versions of Google Puppeteer and Microsoft Playwright, to develop these automated threats,” Rieniets told the E-Commerce Times. As the instrument that will one day power flying cars, operate delicate surgeries, and even create new art trends, artificial intelligence or “AI” is often thought of as future technology. But if you own any type of electronic device—a phone, computer, tablet or even smartwatch—chances are you’re using AI every day, especially when it comes to bots.

The cook groups use bots to monitor major retailers and, sometimes, to allow auto-checkout. The major difference is that the groups usually require an upfront fee to gain access to their Discord and are filled with people looking to buy and resell, rather than people just trying to score products for themselves. Millions of Americans shopping for holiday gifts are competing for the best deals with tireless shoppers who work 24/7 — and it’s not a fair fight. Retail experts say a large share of online buying is being done by automated bots, software designed to scoop up huge amounts of popular items and resell them at higher prices. But finalphoenix had stumbled into a lively ecosystem of hype bots—bots just designed to grab clothing, probably to impress others—scrapers, and resellers, some who use black hat tactics and bribery to get what they want to turn a profit. Some of these bot creators sell their services and customer support to people who don’t have the technical know-how, but just want to get items that are in high demand.

“I’ve been applying for new jobs, and I’m really grateful that no one saw this account and thought it was me,” Ms. Ingle said. Once contacted by The Times, Ms. Ingle reported the account to Twitter, which deactivated it. “The content — pictures of women in thongs, pictures of women’s chests — it’s not anything I want to be represented with my faith, my name, where I live,” said Ms. Wolfe, who is active in her local Southern Baptist congregation. Sam Dodd, a college student and aspiring filmmaker, set up his Twitter account as a high school sophomore in Maryland. Before he even graduated, his Twitter details were copied onto a bot account. Mr. Aiken and Ms. Morgan did not respond to requests for comment.

He outlined the basics of using bots to grow a reselling business. We used our own money and had the products shipped to our own addresses. We were just making the purchases a lot quicker than other shoppers could,” Davie told the E-Commerce Times. Since the pandemic, tough reservations have gotten even tougher. In the new world order, desirable reservations are like currency; booking confirmations for 4 Charles Prime Rib, a clubby West Village steakhouse, have recently been spotted on Hinge and Tinder profiles. “I was scammed out of $300 when I was 17, trying to see one of my favorite artists play at a local venue,” said Riley Blocker, a sophomore studying popular music and a member of the band Right Rosemary.

The PS5, which comes in a digital or disc version, was inflated by even more as demand surged. With demand high and supply limited, the resellers have been listing PS5s and Xbox consoles on websites like eBay for massively inflated prices. The government has been under pressure to address rampant scalping for tickets to pop music shows, which are often resold for up to 25 times their original price. Fans have queued for days in advance at box offices only to be told tickets have sold out online.

Devumi’s Web

Subscriptions to the Discord servers can cost $15 to $20 a month, she added. This can be somewhat technical, so when buying a bot, a user also typically gains access to a private Discord server, where other users act as technical support, helping them setup the infrastructure necessary for scraping. “If I just do this one time, I won’t be a bad guy,” she recalled thinking. “That does not seem like a normal behavior where people like you and me are trying to log in two times in an hour from a home IP address,” explained Jain. Bot attacks are an ever-emerging process that spans many different industries. When Arkose mitigates an attack scenario in one sector, attackers will hop to a different industry or platform.

Big Tech has also been in the agency’s crosshairs, which has made Khan a target of attacks by many in the business world who see her as being too forceful. So-called “insider” reviews are prohibited by employees of a given company, but the FTC also says anyone with a “material connection” to the business should also refrain from creating reviews, including “immediate relatives” of employees. The FTC first began the process for this crackdown on fake reviews back in November 2022 and most recently held a hearing on the rule in February 2024. That hearing allowed the agency to hear feedback and make changes to the proposals, clarifying a number of points that may have been confusing for consumers and businesses. Oasis, the band everyone likes to sing after too many pints at karaoke, is going on tour. Well, not exactly on tour—it’s more like 17 dates in the UK and Ireland in summer 2025.

But in January last year, Ms. Ireland had only about 160,000 followers. The next month, an employee at the branding agency she owns, Sterling/Winters, spent about $2,000 for 300,000 more followers, according to Devumi records. The employee later made more purchases, he acknowledged in an interview. Much of Ms. Ireland’s Twitter following appears to consist of bots, a Times analysis found. But company records reviewed by The Times revealed much of what Devumi and its customers prefer to conceal.

But the line blurs when it comes to scalping, and more of us are being drawn into this seemingly harmless activity. The study, based on DataDome Advanced Threat Research large-scale analysis of more than 14,000 websites, found that the luxury and e-commerce sectors are at the highest risk for online fraud. DataDome analysis indicates that only 5% of luxury brand websites and 10% bots for buying online of e-commerce websites are fully protected against bad bots as the holiday shopping season approaches. The price difference has allowed Mr. Calas to build a small fortune, according to company records. In just a few years, Devumi sold about 200 million Twitter followers to at least 39,000 customers, accounting for a third of more than $6 million in sales during that period.

• It then rented 2,000 computer servers in Texas and Amsterdam and programmed them to simulate the way a human would act on a website—using a fake mouse to scroll the fake website and falsely appearing to be signed in to Facebook.
• Unlike prior generations, the rush to buy a PlayStation 5 or Xbox Series S/X has largely taken place online due to safety reasons surrounding the ongoing COVID pandemic, as stores did not want consumers to flock to their branches in massive numbers.
• A Justice Department antitrust investigation into Live Nation Entertainment was made public earlier this month.
• Signifyd provides ecommerce security and fraud prevention services.
• In July, one Australian scalping group bragged about getting into the back end of Big W and purchasing consoles before they even went live on the company’s webpage.
• Singer Robert Smith said earlier this month the band had reclaimed about 7,000 tickets obtained by apparent bots and re-sellers.

The scalpers simultaneously bragged and advertised by posting photos of their caches on social media and marketplace sites, where the consoles were selling for up to 10 times their list price. While former botter Mitch Davies didn’t break any laws when he used the automated software to buy up limited edition sneakers for resale, he said he’s now trying to be part of the solution. He helps companies fight bad bots as a data scientist with Bay Area cybersecurity startup Arkose Labs.

Employees sometimes had little idea what their colleagues were doing, even if they were working on the same project. On his LinkedIn profile, Mr. Calas is described as a “serial entrepreneur,” with a long record in the tech business and an advanced degree from the Massachusetts Institute of Technology. After emailing Mr. Calas last year, a Times reporter visited Devumi’s Manhattan address, listed on its website. The building has dozens of tenants, including a medical clinic and a labor union. But Devumi and its parent company, Bytion, do not appear to be among them. A spokesman for the building’s owner said neither Devumi nor Bytion had ever rented space there.

Ticketmaster blamed “staggering” demand for its repeated website crashes, and subsequent decision to cancel the presale after it was already launched, locking out countless fans who had waited all day for the chance to buy. “While bots may not be the only reason for these problems, which Congress is evaluating, fighting bots is an important step in reducing consumer costs in the online ticketing industry,” Blackburn and Blumenthal wrote. Some UK retailers appear to be reluctant to publicly discuss retail ChatGPT bots in depth, though in the US, Walmart last month acknowledged the challenges posed by what it called “grinch bots” – named after the Dr Seuss character the Grinch. It revealed that in the run-up to Black Friday in November, as it was about to put its PS5s on sale, it blocked more than 20m bot attempts within 30 minutes. The pandemic has intensified the problem, with lockdowns forcing retailers to shut stores, thereby preventing them from making people queue in person to buy one item per customer.