Introduction: What are Freebie Bots?

Steep discounts drove Cyber Monday online sales to hit a record of $11.3 billion last year. But some of those discounts were created by mistake. And you better believe people were taking advantage of the errors – with some scoring items that were nearly free, or in some cases, 100% off.

These glitches don’t just happen during the holiday season. Human errors occur all year long. And now automated scripts called Freebie Bots exploit these errors on retail websites. This enables tens of thousands of users to automatically purchase mispriced or misdescribed items every couple of seconds or less. Once the items are received, the users then resell these items for a massive profit.

Opportunistic people who use Freebie Bots can receive upwards of $100,000 per month in free (or almost free) goods – costing retailers millions of dollars on a monthly basis, according to our research.

Freebie Bots: Costing Retailers Millions

eCommerce companies and consumers alike are all too familiar with scalper bots that purchase and resell tickets, sneakers, and in-demand holiday items for a profit. Freebie Bots are a mix of scraper and scalper bots with their own twist. They leverage similar communities and technology, which makes them especially difficult to detect and easy to access.

 


Figure 1: Example of a Discord message within a Freebie community, automating the discovery of a pricing error and checkout for a graphics card.

Unlike scalper bots, Freebie Bots don’t just scoop up hot gifts and electronics like PS5s and graphics cards. They target any item that could be resold for a profit on secondary marketplaces, including Amazon, eBay, and Facebook Marketplace.

Freebie Bots may even be more detrimental for retailers than scalper bots, as they aren’t limited to only buying items where demand greatly exceeds supply. Any good could be priced or described incorrectly, either by misplacing a decimal or making an error when copying and pasting. It only takes seconds for a Freebie Bot to swoop in and purchase thousands of items – all before the human error is discovered and fixed. When traditional scalpers successfully purchase goods to resell, at least the retailers are selling their goods at full price. With Freebie Bots, retailers end up selling items at a loss when they fulfill mispriced orders.

“Retailers are already facing pressures this holiday season due to inflation and the annual recurrence of Grinch Bots. Adding Freebie Bots to the mix gives retailers another headache to deal with, one that directly hits their revenues, as they’re compelled to fulfill orders made with pricing errors.” – Sam Crowther, Founder, Kasada

3 Critical Problems With Freebie Bots for Retailers:

  1. Revenue loss: Retailers’ bottom lines take a direct hit when they fulfill the orders made by Freebie Bots, which they usually do to honor the mistake that was made.
  2. Poor user experience: Legitimate customers have a negative online experience due to Freebie Bots – not only because products are out of stock, but because the websites perform slowly under bot traffic. This, in turn, results in brand and reputational damage.
  3. Added operational costs: Freebie Bots take a toll on retailers’ websites, resulting in high infrastructure costs to support the additional traffic. For many retailers, this infrastructure tax can actually cost more than having to honor the sale of the mispriced goods.

In this blog, we’ll share data on the Freebie Bot activity we’ve observed leading up to Thanksgiving and Black Friday 2022 as well as throughout the Cyber Five holiday sales weekend, and what to expect in the coming months.

Freebie Bot Findings – Before Black Friday

Prior to Black Friday, Kasada saw Freebie Bots expand from targeting only the largest retailers to now hundreds of eCommerce organizations of all sizes, due to economies of scale. It costs very little to design and operate a bot that can scan various sites. The bot operators themselves can yield even bigger profits from selling Freebie Bots as a service to other people who want to try and acquire merchandise for free.

In October and November 2022, the Kasada Threat Intelligence Team observed Freebie Bots targeting over 250 retail companies with more than 7 million daily messages sent within the Freebie communities.

Within the month leading up to Black Friday week, our team found that one Freebie Bot Community secured the following:

  • Total retail value of goods: Secured close to 100,000 products for a combined retail value of $3.4 million
  • Total cost of goods: Freebie Bots only spent $882 total
  • Top items purchased: Offbrand Sleeveless Halter Neck Mini Dress, 2020 MacBook Air Laptop, and Deep Cleansing Facial Mask

Freebie Bot Findings – During the Cyber Five Holiday Sales Weekend

Freebie Bots ramped up operations in a big way for Black Friday and Cyber Monday. Reseller arbitrage (the gap between the purchase price and the resale price) broadens as a result of holiday sales events, which increases the financial opportunity for bot operators.

Kasada researchers observed Freebie Bot activity over the Cyber Five holiday weekend, which runs from Thanksgiving until Cyber Monday. As you can see in the graph below, Freebie Bot checkout activity steadily increased the week of Black Friday.

 


Figure 2: Freebie Bot completed checkouts steadily ramped up activity from Sunday, November 20 to Black Friday, November 25.

Here is one Freebie Bot example that we saw during the 2022 Black Friday and Cyber Monday weekend:

  • Total retail value of goods: Secured $500,000 worth of products using just one Freebie Bot that targeted one retailer
  • Total cost of goods: 610 people spent a total of $85.36 using Freebie Bots
  • Top items purchased: Dog Collars, LED Strips, and Dinosaur Toy Hand Puppets

Freebie Bots – After Cyber Monday and Beyond

Just because the Cyber Five holiday sales are over, it doesn’t mean that Freebie Bots are going away. In fact, they are prevalent year-round and don’t need to rely on hype releases or peak-selling events to profit. They just need people to make mistakes. And because we’re human, we all make mistakes, right?

Freebie Bots will continue to exploit these errors for financial gain in 2023 – not only because there’s an opportunity to make money, but because they’re hard to detect and stop.

Bots are watching and waiting for price glitches and inaccurate product descriptions. Freebie Bots are constantly searching for the highest discounts by percentage, mostly from 70 to 100% off.
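The discount band above, together with the misplaced-decimal error described earlier, can be checked on the retailer's side before a price goes live. The following is an added example, not code from the original article or from Kasada: a pre-publish review that holds any price update landing in the 70 to 100% band or resembling a decimal shift. The function names, the 2% tolerance, the approved-promotion flag, and the sample SKUs are assumptions.

```python
from decimal import Decimal

# 70% is the lower end of the discount band the article says Freebie Bots search for.
# The tolerance is an assumed policy value, not taken from the article.
BOT_TARGET_DISCOUNT = Decimal("0.70")
DECIMAL_SHIFT_TOLERANCE = Decimal("0.02")

def looks_like_decimal_shift(reference, proposed):
    """True if proposed is within tolerance of reference / 10, / 100 or / 1000."""
    for power in (1, 2, 3):
        shifted = reference / (Decimal(10) ** power)
        if abs(proposed - shifted) <= shifted * DECIMAL_SHIFT_TOLERANCE:
            return True
    return False

def review_price_change(reference, proposed, approved_promo=False):
    """Return (decision, reasons); decision is 'publish' or 'hold' for human review."""
    reference, proposed = Decimal(reference), Decimal(proposed)
    if reference <= 0:
        return "hold", ["no valid reference price"]
    reasons = []
    if proposed <= 0:
        reasons.append("price is zero or negative")
    if looks_like_decimal_shift(reference, proposed):
        reasons.append("possible misplaced decimal")
    discount = (reference - proposed) / reference
    if discount >= BOT_TARGET_DISCOUNT and not approved_promo:
        reasons.append("discount of 70% or more without an approved promotion")
    return ("hold" if reasons else "publish"), reasons

# Constructed sample updates: (sku, reference price, proposed price, approved promo)
SAMPLE_UPDATES = [
    ("SKU-LAPTOP", "999.00", "9.99", False),   # decimal moved two places
    ("SKU-COLLAR", "12.00", "0.00", False),    # 100% off
    ("SKU-MASK", "20.00", "15.00", False),     # ordinary 25% markdown
    ("SKU-TOY", "30.00", "6.00", True),        # deep but approved promotion
]

def review_batch(updates):
    """Map each SKU to its (decision, reasons) pair."""
    return {sku: review_price_change(ref, new, promo) for sku, ref, new, promo in updates}

if __name__ == "__main__":
    for sku, (decision, reasons) in review_batch(SAMPLE_UPDATES).items():
        print(sku, decision, "; ".join(reasons))
```

An approved promotion only waives the discount rule; a price that looks like a decimal shift is still held.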

Unfortunately, Freebie Bots are becoming increasingly difficult for retailers and eCommerce providers to detect and stop because they are evolving. They inherit many of the same stealthy techniques used by Grinch Bots to evade detection. The automated nature of the way Freebie Bots operate makes it nearly impossible for online companies to keep up with the speed at which they conduct their attacks.

What You Can Do to Stop Freebie Bots

Freebie Bots are costing some retailers millions of dollars every month of the year. In addition to impacting your inventory, revenue, and brand, Freebie Bots also increase infrastructure expenses. Retailers, at great cost, need to maintain a strong site architecture in order to handle this demand without crashing or becoming unavailable to regular shoppers. Preventing Freebie Bots from gaining access in the first place would significantly lower these costs.

If you’re a retailer or eCommerce provider, you should look for an anti-bot solution that identifies automation at its source, adapts quickly to changes, and has an experienced team behind the scenes.
