top of page

Nearly Two-Thirds of ATO Attacks Use Advanced Bots to Mimic Human Behavior

Over 22 percent of all login attempts on retail websites were malicious, which is nearly twice the rate of malicious login attempts across all other industries. Online retailers are also more likely to see the use of compromised login credentials relative to other industries, while the use of advanced bots designed to mimic human behavior and avoid detection increased to over 30 percent of all bad bot attacks and 64 percent of all ATO attacks.

Retailers’ websites are more likely to see bot attacks and attempted use of stolen login credentials relative to websites for other industries and bot attacks significantly increase during the holiday seasons. These were two key takeaways from Imperva’s The State of Security Within eCommerce 2022 report.

According to the report, nearly 40 percent of all traffic on eCommerce retail websites were bots and 23.7 percent of all traffic came from malicious bots. Most concerning is the increased use of sophisticated bots designed to mimic human behavior and evade detection. The proportion of bad bot attacks coming from these advanced bots increased from 23.4 to 31.1 percent year-over-year. In 2021, 64.1 percent of ATO attacks used an advance bot.

Retailers are not just more likely to see more bot attacks in general, they also see a significantly higher amount of account takeover (ATO) attacks and more ATO attempts using compromised login credentials relative to other types of websites. According to the study, 22.6 percent of all login attempts on retail websites were malicious, a rate nearly twice as high as what other industries experienced.

Retailers' eCommerce websites are a popular place for fraudsters to attempt to monetize stolen username or email and password combinations. ATO attempts against retailers used compromised login credentials 94.7 percent of the time, compared to 69.6 percent for other industries.

Online and multi-channel retailers need to be diligent to defend against ATO attacks year-round and especially so during the holiday season. In 2021, bot attacks against retail websites increased 10 percent October and further increased by 34 percent in November. Similar surges in bot and ATO attack are almost certainly occurring now.

For more information:


bottom of page