Welcome back to our Evolution of Scalper Bots series. In part one, the Origins of Scalping, we started our journey through scalping’s long history. We saw that it is far from a new concept: people have been reselling high-demand items for centuries, from as far back as 325 BCE! We’ll continue our journey at the turn of the 21st Century. With the advent of online ticketing, a new frontier had just been opened for scalpers, and things would never be the same again.

In recent weeks we’ve covered how criminals use bots to steal accounts across the web. Credential stuffing tools make this easy and quick to do. If you missed it, watch a live demo of the process in this webinar. In this post we’ll look in more detail at what happens next. How do criminals monetize stolen accounts? To answer this, we’ll use the example of streaming services – one of the quickest and easiest commodities for crooks to shift and make a quick profit.

Attackers and bot authors are continually evolving their methods, shifting their focus beyond just websites. With websites often having a reasonable level of protection, malicious actors are increasingly targeting less-protected areas, namely APIs, with their bots. This blog post delves into the evolving threat landscape. We’ll focus on how attackers exploit APIs and IoT devices to launch attacks like credential stuffing, using streaming services as a prime example.

In the evolving landscape of online ticketing and eCommerce, few technological developments have been as controversial as scalper bots. These automated programs, designed to purchase high-demand items faster and more efficiently than humans could, have transformed the way we buy and sell coveted goods online. During this forthcoming blog series, we are going to explore the fascinating evolution of scalper bots. We will trace their origins, developments, and impacts across several distinct eras.

Streaming services are one of the most popular targets for cybercriminals. Using automated bots, attackers steal millions of streaming accounts each month. Adversaries quickly sell these via illegal marketplaces to make massive profits. Although any streaming service is vulnerable to account takeover and credential stuffing attacks, there are additional risks and damages when live event streaming is on offer.