Belfast Telegraph

Understanding how to keep on the good side of bots

David McMaster


What is a bot? 

If you look up the definition in the Oxford dictionary, you would learn that it is “a computer program that runs automated tasks over the internet”. That doesn’t sound so bad on its own, and it isn’t – a program is a tool, little different in that regard from, say, a hammer. In the right hands, hammers can be used to build all kinds of things, from the mundane to the spectacular; in the wrong hands, they can be used to break those things into pieces.

Bots are very much the same; good bots, for instance, are used to optimise webpages for search engines, collect and aggregate information, and perform complex analyses of the vast volumes of data that the internet holds. But unfortunately, not all bots are good.

What if they’re bad though? 

Bad bots are far more malicious in their intent and their impact. 

They can be used for ‘card cracking’: once a fraudster has part of a set of card details, a bot can be tasked to scour the internet in search of the missing information needed to enable that fraudster to make use of the card or even sell on the full set of details. Some bots can take that a step further and use the information they find to guess the missing details where they are not readily available.

Increasingly common ‘account takeover’ attacks involve giving a bot a set of already leaked credentials (a username and password) and having it test those credentials on many other services. These attacks rely on us using the same username/password combinations for several logins – and they work because so many of us do.

How often are these bots used? 

They are increasingly available to fraudsters as pre-packaged, ready-to-go software. According to a recent Imperva report, bad bots accounted for nearly 28% of all internet traffic globally in 2021, a proportion that has increased year-on-year since at least 2019.

What can I do? 

So what can you do to protect yourself? Whether you’re looking at personal or business security, you can take two basic steps. Firstly, look for services with a two-factor authentication login (these will involve getting a temporary code to enter alongside your username and password). These are increasingly common for all online services but should be considered essential when it comes to banking and finance in particular.

Secondly, use different strong passwords for your various online logins and a password manager to keep track of them – many modern antivirus programs offer a password manager service, usually as a paid-for extra, but as a free alternative, check your browser to see if it can securely store passwords. Between those two steps, you should minimise the risk of your details being stolen by bad bots. The inconvenience of any compromised account, even just one, could be huge – it’s essential to make every effort to be secure.