After Apple introduced the new iPhone 15 lineup this month, it’s clear they will be at the top of many holiday wish lists. Unfortunately, there’s already pent-up demand for these models, and it’s anticipated that Pro Max buyers will wait months to receive them. And when there’s this much demand, the bots are sure to follow to get their piece of the pie.

As we recently saw with Taylor Swift tickets and PS5s last holiday season, scalpers are using bots to automate purchases of the new iPhone to maximize their profits.

Skipping the Digital Line for an iPhone 15

Kasada has been witnessing successful botting activity abusing the Apple iPhone Pro Max pre-ordering process. More often than not, the activity comes from the same communities and all-in-one (AIO) services that make their money scalping hype sneakers and electronics consoles.

Here’s an example of an AIO bot notorious for sniping electronics and GPUs shifting its efforts towards the iPhone 15. The expected profit made by scalping one of the Pro models is estimated at $300 each. Given Apple’s flexible return policy, there’s little risk of being stuck with the device, so scalpers see this opportunity for profit as a risk-free return.

Here’s another example of AIO bots that quickly shifted their bot’s capabilities to exploit Apple’s pre-ordering event. They claim to have checked out nearly 2,500 iPhone 15 devices in a single day. At an estimated profit of $300 each, that’s an easy $750,000 profit for those scalpers leveraging this bot. 

Screenshot of an adversary boasting about iPhone 15 Apple orders by using a bot.

Other AIO bots have gotten in on the action too. This one claims 3,000 successful checkouts, setting expectations of shipment within the first week of its launch date. These scalpers can expect to make nearly $1,000,000 from this sale.

Screenshot of an AIO bot boasting about over 3,000 purchased iPhone 15s.

In addition to the AIOs promoting their bots’ capabilities, individual users have written their own bots without having to subscribe to a service. Here are some examples of people boasting about their success pre-ordering 15 Pro Max devices on their own. Most of the population wanting to pre-order is at a severe disadvantage in ordering a new iPhone without the use of a bot.

Screenshot of various iPhone 15s available to purchase by bots.

Screenshot showing that bots have spent around $18,000 ordering the new iPhone 15.

Screenshot showing placed iPhone 15 product orders using a bot.

Less sophisticated botters “want to buy” (wtb) checkout scripts that are known to be successful, whether from an AIO or elsewhere.

Screenshot of an adversary looking to buy a bot checkout script for Apple.

In addition to abusing Apple’s website for pre-ordering, Kasada is also observing bots being used to abuse the wireless providers that sell their locked versions of the iPhone 15. Here’s an example of those claiming the use of bots against a popular wireless carrier to automate their pre-order process and complete it within 10 seconds.

Screenshot of a conversation that shows someone admitting to using a bot to check out the iPhone 15s.

Don’t Let Bots Break Your Brand

Retailers make their money whether their products are purchased by humans or bots. But there’s a huge cost in not taking action to stop automation against their websites. Why?

One reason is the enormous operational cost of having to process all of this traffic. Several retailers have told us they’ve spent over $10 million per year due to the overprovisioning, bandwidth, and business logic necessary to process the traffic from just one bot.

But the bigger cost is the cost of a tarnished brand reputation. Consumers expect a fair, equitable experience, and those who value their brand need to step up to combat the bots.

Stopping bots is easier said than done. The collaborative communities that make up the underground bot economy quickly change their tactics. Defending against them requires a modern approach that moves as quickly as adversaries. This is why Kasada is focused on its unmatched understanding of the human minds behind the bots. Kasada is dynamic, unpredictable, and expensive to attack, deterring even the most motivated adversaries. 

Our vision is to transform the Internet into a more authentic community, where each user is a real person, and where companies and customers can confidently engage and thrive. 
