Brief Overview
There are 18 Threat Types that are categorized into 3 Threat Groups, indicating the types of invalid visitors:
First Group - Threat Types Associated with Invalid Malicious Activity
Excessive Rate Limit
This type of action describes an excessive or unusually high number of submissions, actions, or clicks. Sometimes this is in the form of repeatedly hitting capacity for invalid actions (like incorrect login information). This is typically carried out by users who are posing as legitimate users but do not have any intention of following through and converting or working with your business.
Network Anomalies
This type of threat describes behavior that includes one or more attributes (e.g., IP, user cookie) associated with known irregular patterns. This includes non-disclosed auto-refresh traffic, duplicate clicks, and attribute mismatch. However, to be a network anomaly it must come from a network of devices rather than one individual or device.
Behavioral Anomalies
Behavioral anomalies occur when individuals are found to have hostile intentions based on behaviors or actions towards digital assets that draw red flags. Different from network anomalies, these unusual actions are taken by one individual person on a device rather than a network of devices.
False Representation
False Representation, also known as "user agent spoofing," occurs when the user information is modified with the intention of being misleading about who they really are. Bots are frequently programmed to hide their tracks and mask their identity in this way, but sometimes users do this as well, which is where this type of malicious user fits in.
Disabled JS
When the browser’s JavaScript is disabled, certain features on a website might not work. In other cases, the website might not operate completely, or you'll be stuck using an incredibly old version of the page. This changes the way a website appears and reduces someone’s chances of converting.
Disabled Cookies
Malicious users frequently disable cookies so they cannot be tracked. This changes the way they interact with a site because some features might not be accessible without enabling cookies. For example, the way they move throughout a site and the pages they view or click on is not available to a business. This is sometimes purposely done so they can interact with your assets without becoming a lead or customer in your system.
Click Farms
This type of fraud organization is typically groups of workers readily available for hire. They are paid to rapidly click on content or ads in order to manipulate data. Click farms have people clicking on ads with no intent of converting.
Click Hijacking
Click hijacking occurs when a valid user clicks on an asset that appears to be legitimate, but it is actually a malicious element in disguise. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.
Second Group - Threat Types Associated with Invalid Suspicious Activity
Proxies
A proxy is a middle-man tool that masks a user’s identity and location, but is not exclusively used for malicious purposes. However, since proxies make it easier for users to be anonymous, these types of tools can enable someone to manipulate traffic counts or pass on invalid traffic that would have otherwise been filtered out.
VPNs
A VPN, or virtual private network, is a common type of proxy. The main distinction is that VPNs have the added security of encryption. This allows users to access websites that normally would have been out of reach, which skews data and manipulates traffic, which causes inaccuracies in location and user information that a company might try to analyze.
Data Centers
Data centers are physical locations where computer technology stores data for many different users. So this type of activity comes from those centers rather than an individual device like a laptop, smart phone, or desktop computer. This should be flagged because it is not able to convert the way a user on an individual device would be able to.
Abnormal Rate Limits
Abnormal rate limit occurs when a user performs an unusual number of actions or requests on a particular advertisement, website, or other asset. Abnormal rate limits do not necessarily equate to malicious activity, but they can sometimes come from users trying to imitate someone else and not succeeding, therefore raising a red flag on the website.
Frequency Capping
Ad fatigue occurs when your audience sees your ads too often and disproportionally which causes your campaigns to become less effective and prevents users from moving down the sales funnel.
Using frequency capping, you can limit the number of times your ads appear to the same user.
Third Group - Threat Types Associated with Invalid Bot Activity
Malicious Bots
While there are many types of bots, and not all are bad-intentioned, malicious bots certainly are. Malicious bots are specifically designed to steal personal information, commit fraud, or commit some form of cyber crime. They can sometimes be referred to as "malware," and can enact a variety of attack patterns.
Automation Tools
These are tools that are used to perform automatic activity usually repetitively, fast and at scale. While automation tools are used for many purposes, since they are bots, they can not convert or complete real actions that a valid user could.
Scrapers
Scrapers typically scan your website looking for a specific target or piece of data. This frequently occurs on e-commerce websites with the intention to find prices to then sell items for slightly less and therefore gain more customers than the competition. Scrapers are looking for information and cannot become real users or customers.
Known Bots
These bots are sometimes considered “good bots” because they do not have malicious intent and are commonly found on the internet for innocent purposes including content indexing. However, since they share some characteristics with malicious bots, and cannot convert, it’s important to keep an eye on them when evaluating data and analytics.
Spambots
These are bots that actively send out large quantities of messages to users, typically through email. Spam bots can create many accounts and send out these messages to the masses in a quick way but they are not real users and do not intent to convert in any way.
Account Takeover
An account takeover occurs when one malicious user imitates the identity of another genuine user by using their account or profile. There are many types of accounts that could be taken over by a malicious user including: social media profiles, bank accounts, email accounts, television or streaming subscriptions, and more.