How to ‘Spot’ a ‘Bot’, and Steer Clear of Them

reading time Reading Time: 6 minutes

If you’re one of the many people who enjoy twitter feeds or even the comments section at your favourite news websites, then you may already be well aware that some of the contributors aren’t exactly sitting or standing somewhere with a mobile device or notebook in front of them like you are. What we’re talking about here is ‘Bots’ and by that’s what means is an fabricated identity created in the digital space and armed with AI to be able to participate in convos and the like to further the interests of whatever interest group might be behind them.

‘Russian’ bots are the flavour of the years these days, and it’s believed that many of these non-animate opinion swayers come from Russia. Truth is, however, bots come from all over the place and these days they are all too commonplace. And they’re likely not going away anytime soon, so it’s good to know what these bots are, what they get up to, and – perhaps most importantly – how you can identify bots and put a whole lot less significance on what they have to say.

Now it needs to be said that here at 4GoodHosting we’re like any other reputable Canadian web hosting provider in that we’ve never created a bot, and in truth despite our familiarity with all things web hosting we wouldn’t even know how to even if we tried. We imagine that’s there are at least a few of out web hosting customers in Canada who have these malevolent means, but that’s neither here nor there.

Let’s spend today talking about what everyday, average individuals like you can actually do to distinguish between a bot and a legit, human contributor.

Looks and Sounds Legit, But…

Sophisticated bots look and act like human users, and it’s true that most bot activity indistinguishable from human activity to the naked eye. Even the majority of bot detection software struggles with being able to identify the entirety of them. This is a problem, and here’s why – with the ability to look like a million different humans at any time you could do a lot that wouldn’t be possible if you only had your one actual identity to work with online.

Among other examples, you could ‘listen’ to a song or ‘watch’ a video as necessary to push it to the top of the charts and quickly create the impression that something is popular or trending. Then there’s the trend of upvoting comments or retweeting content to further political aims – something we’re almost sure to be seeing right now even with upcoming presidential election in the US.

Successful bot-related cybercrime requires to elements for unquestioned success. First is a valuable demographic, and second is the technology to go undetected by intended victims. Getting back to the ‘Russian’ front with this, one of the things that as noted was how Russian interference in UK politics displayed how powerful bots can be in influencing public sentiment.

The current COVID 19 pandemic has this very much on display too. As lockdowns became a reality in the spring and people became increasingly forced to live their lives digitally, cybercriminals were presented with the perfect opportunity and bots have been the perfect tool for all the disruptiveness they’re aiming for.

So how does the less tech-savvy majority of us here in North America even have a clue as to who might be a bot, and who is definitely NOT a bot. But what about ‘good’ bots.

Yes, they exist. So let’s compart the two before getting to ways to identify bots online.

Good Bots / Bad Bots

As we just suggested, bots aren’t always bad. Bots – in their most basic identifiable form - are merely software scripts living on computers, and we should keep in mind that many everyday internet tasks are taken on by bots all the time and we all benefit from that.

These little digital ‘critters’ are essential to search engines and anti-virus companies being able to crawl, analyse, and catalogue data from web servers. It’s only the alternate end of things when bots are used by cybercriminals that the whole thing becomes malicious. We’re talking about stealing login credentials, hacking accounts, spreading disinformation, and so on.

Get thousands of the critters out there working in unison with each other and you have what’s called a botnet. Cybercriminals get a lot of mileage out of these botnets, and that’s not a good thing.

Start with Fraudulent Apps

One of the ways cybercriminals have been making the most of people’s changing behavior is via fraudulent apps, our recent research determined. Looking at apps critically is a good place to start for learning how to identify bots. So how is a person supposed to know if an app is legit.

Here are common identifiers that should put up red flags for you:

Do reviews relate that ads pop up all the time? Even while on the Android homepage?

Do they talk about the app disappearing from the drawer and being unable to uninstall it?

Are they full of complaints that the app doesn't work?

Is this the only app the app ‘publisher’ has to offer?

Find that the answer is yes to any of the above, and it might be an app full of bots and one that you should consider taking a pass on.

Bots & Account Takeovers

Account takeovers are another good indicator of bots being on the scene. Bots have the ability to use your credentials to log into your accounts, such as banking, ticketing sites, social media platforms and online stores, without ever being detected.

Sure, CAPTCHA security protocols exist, but sometimes they’re insufficiently strong enough to be able to decipher a sophisticated bot from a human. This makes clear how human-like these bots can be. Sophisticated cybercriminal operations even have people working for them to crack CAPTCHA forms for ease of entry. It results in sophisticated bots being able to use your data and your personal information to assume your identity and causing mayhem with your personal accounts.

Examples could be transferring money to themselves via your online banking account, or asking friends and family members to do the same via social media. There’s a lot of possibilities here, and they’re all bad.

Ways to Keep your Accounts Safe

Follow these suggestions and you’ll be better protected against being infected with bots:

  • Avoid using the same password for multiple accounts. Going with a password manager to generate, store and autofill strong passwords is a much better – and safer – choice
  • Skip clicking on any links from suspicious emails or text messages. They could lead to phishing sites or cause you to accidentally download malware
  • Put in place 2-step verification or 2-factor authentication wherever possible. Third-party apps that help you do this are out there
  • Shop online only with reputable brands only, and choose to NOT store your credit card information with any of them

On public Wi-Fi? Use a VPN

You may also like: