If you’ve been searching for a PS5 these past months—convinced that the solution to the ennui of lockdown life lies in next-gen gaming—it’s likely that you’ve also made a new, hated enemy: retail bots.
For many, attempts to buy the console have followed the same sad pattern. A store, like Argos, Currys PC World, or GAME, announces it has new stock. Customers descend on the site—more than 160,000 at once, in the case of Currys—crashing it. When the virtual dust settles, the consoles are gone. Almost instantly, hundreds begin to appear on eBay for double the price. The culprits? Scalpers and their weapon of choice: retail bots. And the pandemic has created an ideal hunting ground.
There are three kinds of bots at work, explains Thomas Platt, head of ecommerce at Netacea, a cybersecurity company. The first, and most notorious, is called an AIO bot, or all-in-one bot. These move at an inhuman rate, scanning hundreds of websites every second to check if the PS5 is in stock. The instant an item drops, the bot will buy it and check out, faster than a human could ever type their details. These bots, explains Platt, will have multiple accounts loaded with multiple credit cards, so they can pick up large quantities of PS5s.
The two other common types of bot are similar. One will check to see if an item becomes available, then send the bot’s owner a text or notification; the other lets you pay a fee to get a checkout slot. “Or they’re pausing and holding that stock in rotation until they sell it,” says Platt. “That’s something we saw a lot in the ticket industry a while ago, and we see a lot in the airline industry, where you might hold the item, put it up for retail on another site, and as soon as you get a bid on it, you automatically purchase it.”
Scalping bots aren’t new. Online ticket scalping was outlawed in the UK in 2018, and “sneakerbots” drive a secondary retail market for rare trainers worth $2 billion. It’s been typical to see bots target big shopping events like Black Friday. Before the pandemic, they were growing in popularity as a result of the retail industry’s increasing reliance on hype and limited stocks. “We are seeing more and more hard sales recently, with limited stock,” says Benjamin Fabre, CTO of DataDome, a cybersecurity company.
But the pandemic has kicked these bots into overdrive, and it’s not just the result of more aggressive sales events and shopping being pushed online (you can’t, obviously, have a retail bot camp out in front of your local GAME store). Damaged supply chains have limited the stock of usually plentiful items, creating scarcity, and scarcity is what scalpers prey on. “We used to see niche groups of people targeting niche groups of things,” says Platt. “And now what we realize is they can target things that aren’t so niche, and they can make a lot of money. And that’s the real switch for us.”
From gym equipment to hot tubs to Magic the Gathering trading cards, the net has widened for these groups, which have grown into huge communities. “It’s spreading across the board,” says Jason Kent at Cequence Security, a cybersecurity software company. “The guys that worked on buying the most desirable shoes have realized that they can spread their knowledge, ability, and concepts to whatever.”
Data provided by Netacea showed that a botnet which used 300 compromised machines made 1 million attempts to buy PS5s over six hours, and that “cook communities” of would-be scalpers can reach up to 20,000 people. When Google searches for PS5 spike, so do those for scalper bots.
This srticle was first published on WIRED