Black Friday Versus The Bots
- by nlqip
Introduction
Black Friday has long been a cornerstone of the retail calendar, not just in the United States but around the globe. During this period, including Thanksgiving weekend and Cyber Monday, consumers anticipate steep discounts and rush to purchase products both in-store and online. However, these low prices also bring about a surge in unethical buying practices and automated attacks that can disadvantage both retailers and genuine customers.
Last year, we delved into how malicious bots exploited Black Friday 2022 sales by analyzing data from retail enterprises protected by F5 Distributed Cloud Bot Defense. In that article, we concluded that while Black Friday led to increased legitimate user traffic, there was no widespread rise in unwanted automation across online retailers as a whole. However, grocery enterprises on the web and fashion and eCommerce mobile applications did see a notable increase in automated attacks. Malicious automation targeting user login and user registration pages increased markedly, and attack sophistication also rose markedly during this period.
As retailers across the world brace for Black Friday 2024, they are wondering whether they will face similar challenges, or if new threats will emerge. This analysis hopes to shed some light on these questions based on Black Friday 2023, and suggest strategies to safeguard businesses and consumers in the upcoming Black Friday season.
Executive Summary
The 2023 Black Friday shopping season revealed critical insights into legitimate customer traffic and malicious automation trends. Retailers saw an impressive 46.6% increase in legitimate traffic compared to 2022, with elevated transaction volumes persisting for four days post-event. However, malicious automation declined slightly year-on-year, a reduction largely attributed to attackers growing weary of being continuously blocked.
Despite the overall decline, specific industries such as grocery and fashion retail experienced targeted automated attacks. Grocery retailers faced significant increases in bot-driven activities, particularly targeting web login and account registration flows, with malicious automation peaking at 21.8% on Black Friday. Similarly, fashion retailers were heavily impacted by bots targeting gift card abuse and account login pages. Mobile APIs also became a critical attack vector, with grocery retailers facing persistent scraping attacks on “add-to-cart” pages and fashion retailers enduring a surge in mobile API login automation leading up to Black Friday. These patterns demonstrate a shift in attacker behavior, with increased sophistication and focus on high-value flows such as fake account creation and credential stuffing.
Black Friday 2023 Analysis
Later sections in this article will explore the differences we found between how web and mobile apps are targeted, as well as highlight those industries most affected. Let us first start, however, at a high level and uncover whether malicious automation does indeed peak during periods of intense sales.
Legitimate Traffic Went Up!
In both 2022 and 2023, retail companies experienced a significant uptick in legitimate customer traffic leading up to Black Friday. The steep rise in the legitimate traffic volume during Black Friday 2023 is illustrated in Figure 1. Since Black Friday (labelled ‘BF’ in figures) falls on different days across the two years, the x-axis has been adjusted to show the number of days before and after ‘BF’ so we can easily compare the two years. This ‘BF’ scale for the x-axis will be used throughout this article.
Customer traffic to both web and mobile apps surged by 46.6% on Black Friday itself, with elevated transaction volumes persisting for the next four days (by contrast, 2022 saw an increase of 23.2% on Black Friday).