San Francisco-based bot mitigation site Distil Networks has released its latest report which warns that websites with login pages – such as online real estate sites – are at risk of data theft, account takeover and fraud.
The 2017 Bad Bot Report: If You Build It, They Will Come found that websites requiring a login are almost certain to be attacked by bad bots, with 96 percent of such sites targeted by malicious bots. The Bad bots are used by competitors, hackers and fraudsters and are the key culprits behind web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, data theft, spam, digital ad fraud, and downtime.
● Unique content and/or product and pricing information
● Sign-up, login, and account pages
● Payment processors
● Web forms, such as contact, discussion forums, and reviews
Distil Network’s product marketing manager Peter Zavlaris said unfortunately, online real estate sites possessed many of the attributes that allowed bots to attack.
"Websites are absolutely irresistible to bad bots if they have logins, pricing information and or proprietary data, and payment processing," Zavlaris told PPW. "The bad news for real estate sites is they tend to have most of these attributes."
“Ninety-seven per cent of sites with pricing - like house listings - are scraped, 96% of logins are attacked, and 90% of sites have bad bots behind the login—where real estate sites have proprietary data like mortgage calculators, price/tax history information, agent finders," Zavlaris said.
“The impact on real estate site owners isn’t just stolen intellectual property and account takeover—bad bots cause collateral damage in the process," he says. "Thirty-three per cent of sites are hit with large spikes in bad bot traffic that slow load times and cause downtime. Ninety-four per cent of sites are hit with bad bots that can skew web analytics damaging conversion tracking—making it impossible to optimize conversion performance."
And keep an eye on your security.
“You’ve heard it a million times before, but it’s always worth repeating, get – and stay – on top of patches and site security,” he advised.
“Fewer than 50 percent of enterprises patch quickly enough to block the bad guys, and fewer than 30 percent of corporate websites use SSL.”