Fraud bots are the modern Grinch of online retailing

FTC Issues Final Rule Targeting Fake Consumer Reviews and Testimonials, Including Those Generated by Artificial Intelligence AI and Online Bots

There is, after all, a reason that using scalper bots to buy and sell tickets is illegal. Much to the frustration of shoppers, bots are snatching up exclusive items like sneakers and concert tickets instantly. But while some are fighting back against bots, others are taking advantage of them to access ultra-hyped items the second they drop. There’s not a ton of motivation to solve the issue given that the consoles are being sold either way, so who cares? And people can’t prove the bots got a console and they didn’t, necessarily, and since it happens across almost all retailers, people are equally mad at all of them.

«They catch up to you and it’s a cat-and-mouse game where you’re trying to improve your product,» Lucas said. «If you find the right opening, you should be able to get the edge.»

«Anywhere there is scarcity, there is some form of scalpers or resale market,» says Pallant, pointing to sneakers, Lego sets and NFTs to make his point. Back then, he says, it was even more difficult to grab a console than it is today. Stock levels were poor and shipments to Australian stores were infrequent. He’d been passionate about programming for a few years and turned his attention to creating a PS5 bot so he could «compete with the scalpers,» he says. Texas’ senior U.S. senator, John Cornyn, said he is proposing a federal bill that would require ticket seller and reseller websites to disclose all prices and fees before purchases in response to the ticket fiasco.

Because the sneakers are so valuable to resellers and collectors, the bots designed to snag them are also in high demand. Traffic from a sneaker release in March, showing bot traffic eclipsing human traffic. Nike was also celebrating its «Air Max Day» campaign, in honor of a pair of sneakers released on March 26, 1987. With that came a series of rare releases, including a pair of Sean Wotherspoon Air Max 1/97s, which Complex ranked as the best sneaker of 2018. Karl Triebes, SVP and GM of Application Security at Imperva says, “The security risks that the retail industry faces are more sophisticated, automated, and harder to detect.

Grinch bots — a breed of sophisticated scalping bots — often disrupt holiday sale events and product drops. They query online inventories and purchase the most sought-after items of the season for the purpose of reselling them at a significant markup. The ecommerce industry remains a lucrative target for cybercriminal activity. Built on a vast network of API connections and third-party dependencies, online retailers are increasingly vulnerable to business logic abuse and client-side attacks. Motivated cybercriminals are also eager to compromise user accounts for personal data and payment information. Reports abound of scalping rings in the United States and the United Kingdom scooping up thousands of Sony PlayStation 5 (PS-5) units on the day they were released.

Fraud bots are the Grinch of online retailing – Digital Commerce 360

Posted: Tue, 19 Jan 2021 08:00:00 GMT

Internal steps and collaborative efforts are paramount to successfully adopting these strategies. Implementing a multilayered security approach involves integrating advanced bot detection and mitigation technologies that can identify and neutralize threats in real time. This includes deploying machine learning models that analyze user behavior, detect anomalies and distinguish between legitimate users and malicious bots.

Many potential buyers gave up, assuming that the shoes were probably sold out already. “I realized that automating things was the best way to secure not just one pair but multiple pairs,” Mr. Titus said. If there is a person who keeps Shopify employees awake at night, it’s probably Lucas Titus, a 19-year-old who started college in London this month. Nike often collaborated with skaters, designers and streetwear brands such as Supreme, which elevated the SB (for skateboarding) Dunks into a status symbol.

Lewisville Rep. Kronda Thimesch introduced a similar bill to Zaffirini’s in an attempt to quell fans’ bad blood, partially because her own daughter was unable to get tickets. «If a pair of Yeezys were released tomorrow and they didn’t sell out, the hype around Yeezys would die down,» he said. Security researchers have to contend with millions of bot attacks every day. “For the resellers, especially on the scale that I see within China, where they have thousands and thousands of products,” she added. Some people have insiders at companies that will leak information about upcoming clothes, and the unique product ID needed to quickly spot them as they’re listed online.

Some private groups specialize in helping their paying members nab bots when they drop. These bot-nabbing groups use software extensions – basically other bots — to get their hands on the coveted technology that typically costs a few hundred dollars at release. The Michigan bills would further enforce the federal law and allow the state’s Attorney General office to take legal action against individuals or groups using bots to snatch concert tickets. While fans continue to ask «Is it over now?» the consequences of bot use in online ticket buying will be left to the attorney general. Taylor Swift fans across the state know all too well the fight for Eras Tour tickets against bots. Now, Gov. Katie Hobbs has signed legislation to prevent bots from purchasing more tickets than the posted limit, which could put power back in the hands of ticket buyers across the state.

Using sophisticated bots to exploit weaknesses in online ticketing and queueing systems, they quickly get ahead of everyday fans. These groups aren’t too dissimilar to Jeremy’s legion of followers listening out for Discord alerts. The cook groups use bots to monitor major retailers and, sometimes, to allow auto-checkout. The major difference is that the groups usually require an upfront fee to gain access to their Discord and are filled with people looking to buy and resell, rather than people just trying to score products for themselves. Most business logic attacks are automated and often target API connections.

Here, buyers need to use different accounts, proxies to route their traffic, and other technical means as workarounds. UK-based CrepChiefNotify, a subscription service that teaches members how to use bots and alerts them to the availability of hot items, claims its customers have purchased about 6,000 new PS5s and Xboxes. Nike Inc, a major target of resellers, has come up with creative ways to battle the bots, such as giving established members on its SNKRS app the chance to reserve shoes that they can pick up at a Nike store.

The not as good news is that the scalpers and fraudsters are undoubtedly plotting their next workaround as you read this. Spotting a malicious bot engaging in scalping is a more challenging problem. It’s not illegal, but it does violate some retailers’ policies, as it is certainly detrimental to a retailer’s business. Fraudsters know that the early stages of the payment process—account creation, account login and updating accounts with additional payment forms—are more vulnerable than the actual checkout.

Despite how lucrative CyberAIO is, Lucas looks at the sneaker bot as a part-time job — he’s still a student. He said his parents know about his side hustle and are perfectly fine with what he’s doing. One prolific unnamed botnet sent more than 473 million requests to visit the website. Two other bots that weren’t as popular still managed to hit the website with 18 million and 9.4 million requests. Sole Collector’s sneaker release calendar listed an Adidas collaboration with musician Pharrell Williams, Nike’s collaboration with NBA star LeBron James and several Air Jordan releases. «They waited and waited until there was an actual moment with a sale to happen, and they used all the tools in their tool kit,» Shaul said.

  • The Rule now enables the FTC to seek monetary relief for consumers up to $52,000 per violation—yet enables courts to impose lower per-violation penalties—when businesses buy or sell fake reviews and testimonials.
  • Insider spoke to teen reseller Leon Chen who has purchased four bots.
  • Subscriptions to the Discord servers can cost $15 to $20 a month, she added.

In certain cultures, the perception of scarcity and value might affect the prevalence of ticket scalping, as there may be a strong belief that highly sought-after events or limited-capacity shows have more value. Ticket scalpers may exploit this perception of scarcity to charge higher prices, and some fans may be willing to pay a premium to secure tickets for these exclusive events. However, Hansen added that digital queue hopping is one of the largest ways online scalpers can gain an unfair advantage.

While many bemoan the practice in tweet threads and Discord channels, others have taken advantage of the scarcity of everything from sneakers to games consoles, Ikea clocks and even snack food — forming so-called «cook groups.» There are indicators that suggest the number of attacks on online retailers will rise during the 2023 holiday shopping season. The majority of attacks on business logic are automated and often focused on abusing API connections. 17% of all attacks on APIs came from bad bots abusing business logic. Attack patterns don’t exist to monitor for these exploitations, and it’s impossible to apply a generic rule and assume all application and API deployments are secure. These methods were used rampantly when Eras Tour tickets went on sale last November, causing a meltdown for fans who waited for hours in jammed virtual queues.

Scalpers score tickets at face value and then resell them for a significant markup, or cause mayhem by hoarding inventory to jack up those secondary ticketing prices. The result for fans is the same—a massively frustrating experience for those who just want to listen to music. He has since donated $1,000 USD to the Make-A-Wish Foundation from the money he earned in donations gathered by developers who used the bot. “We proposed examining the principles behind Secondary Selling of Tickets legislation drafted to tackle unfair ticket touting as a possible route to prevent scalping,” says Chapman.

  • Signifyd provides ecommerce security and fraud prevention services.
  • Kanye West worked with Nike and Adidas on realizing his vision for Yeezys.
  • Bird Bot, created by Nate, is able to bypass the digital walls of a Walmart or Best Buy to skip lines and checkout with products faster.

But for now, such bots are allowed to conduct their sneaky and profitable campaigns with little legal pushback. Using different tricks, the bots are able to fool retail sites into thinking that they’re legitimate customers. By obtaining a valid cookie, they scrape the website’s inventory to impersonate a human being. The bots are even loaded with CAPTCHA-solving solutions that solve these kinds of Turing tests, which are designed to block such automated tools.

A few months ago, Sony issued a free DLC (downloadable content) for “Astro’s Playroom” that connects the previous game with the new one. Since all PS5 consoles come with “Astro’s Playroom” for free, it’s more than likely that “Astro Bot” will become a big hit for Sony. This is because every console owner has played the previous installment and is likely to want more from the character. Several media reports have indicated that some big time Democratic donors to Kamala Harris’ presidential campaign against Donald Trump are making a push to oust her.

Those bills banned the use of an automated software program to purchase an excess amount of event tickets or circumvent waiting periods and pre-sale codes, according to 12 News in Arizona. For example, advanced bots or human-assisted services can bypass CAPTCHAs. Distributed botnets that deploy requests from multiple IP addresses can circumvent rate limiting and IP blocking. These traditional methods can also lead to a poor user experience, causing friction for genuine customers.

When they first drop, most of Supreme’s popular pieces don’t cost much more than a video game—but obsessives who strike out will spend big bucks on the secondary market to snag the company’s coveted hypebeast staples. The FTC has been on a tear during the Biden years, beefing up enforcement of rules intended to protect consumers, attempting to crack down on scams, and keeping companies in check. Big Tech has also been in the agency’s crosshairs, which has made Khan a target of attacks by many in the business world who see her as being too forceful. The ban on fake reviews includes AI-generated reviews and real people that have no experience with the product being reviewed. Buying reviews, whether positive or negative, is also banned in any form.

The Retail Industry Leaders Association said many stores have policies that monitor and cap the amount of purchases of high-demand products both in the stores and online. U.S. Sen. Charles Schumer is calling on retailers to crack down on the «Grinch bots» that are spoiling the holiday season. I learned, in the process of fighting for the console, that scarcity is not scarce. Sometimes it’s deliberately built into sales, other times it’s brought on by a worldwide pandemic. The problem is it’s not necessarily the manufacturers or retailers that end up hurt or disappointed by demand. I was sitting at my desk and, with the previous day’s loss fresh in my mind, ready to move faster than usual.

«It’s growing in sophistication,» Kent said about the bot software. Walmart told CBS MoneyWatch earlier this month that it’s working to prevent bot activity to ensure customers can buy the new gaming consoles. «It’s not unusual to see bot activity, especially on hot items like the PS5,» a spokeswoman said.

The two-tone alert signaled a «drop,» as PS5 hunters call them, of fresh stock at an online store. It also signaled the opening of an extremely limited window to purchase the console. For Texas Taylor Swift fans, karma is a bill being signed into law Monday that prohibits the use of bots to buy live event tickets online. The new legislation comes after millions of Swifties were unable to live their wildest dreams by attending the pop star’s Eras Tour.

But for sneaker brands and retailers, the relationship is more complicated. Shoppers armed with specialized sneaker bots can deplete a store’s inventory in the time it takes a person to select a size and fill in shipping and payment information. For limited-release shoes, the time advantage afforded by a bot could mean the difference between disappointment and hundreds of dollars in instant profit. As an example, it may take a normal user several screens of interaction to select seats, provide payment details and check out of a ticketing system. Sophisticated bots used by scalpers can often bypass the ticket selection and payment steps, going straight to the ‘checkout and pay screen’ by exploiting the underlying APIs of the ticketing system.

Bots represent a hot trend in the tech world, touted by the likes of Google and Facebook. They’re already widespread across the internet, offering useful features like helping you fall asleep. Others have more nefarious purposes, like scooping up all those Kendrick Lamar concert tickets in seconds, before you even have a chance. The bot is so effective at buying exclusive sneakers online that the people tasked with supporting it don’t even want a salary. They just want to use the bot to nab the latest pair of sneakers themselves.

Jeremy constantly checks the health of his bot with a dedicated monitor and is active online, making sure he alerts his 75,000 followers to any glitches or pings that might set his bots off accidentally. They begin with the assumption that, though people update their opinions as they receive new information, this process dampens over time; opinions harden. “You’ll listen to me less and less if you already have a lot of information, and something new won’t likely change your opinion,” Zaman said. In addition, account takeover, DDoS, API abuse, and client-side attacks were significant risks.

Although U.S. law prohibits ticketing scalpers under the federal Better Online Ticket Sales (BOTS) Act of 2016, no such protections exist for retailers. A related problem is account takeovers (ATO) because consumers use the same login credentials for various accounts. Fraudsters exploit this by using stolen credentials to launch credential-stuffing attacks. “It indicates that bots are becoming increasingly advanced to overcome increasingly sophisticated bot defenses. Fraudsters are taking advantage of tools, such as highly customized versions of Google Puppeteer and Microsoft Playwright, to develop these automated threats,” Rieniets told the E-Commerce Times. An example would be an agreement between Reddit and Google to let Google use the gathered data to build large language models (LLMs) to train Google AI.

It will then use that info to interact with a manufacturer’s or retailer’s bots to provide information all the way up to the purchase. It’s centered upon retailers using their AI tools to create a better search journey for their consumers, agrees Liz Papasakelariou, head of consumer products at Publicis Sapient. State Reps. Mike McFall, D-Hazel Park, and Graham Filler, R-Clinton County, introduced two so-called Taylor Swift bills. «I was scammed out of $300 when I was 17, trying to see one of my favorite artists play at a local venue,» said Riley Blocker, a sophomore studying popular music and a member of the band Right Rosemary. «Basically, they’d just bought from the venue, potentially with bot accounts, and resold the tickets at a preposterously heightened price.» The two-bill package, introduced by Reps. Mike McFall (D-Hazel Park) and Graham Filler (R-St. Johns), is similar to legislation that was enacted into law this month in Arizona, dubbed the “Taylor Swift” bills.

In 2023, attackers put an acute focus on application layer (Layer 7) DDoS, with the goal of disrupting or taking applications offline. One of the larger application layer (layer 7) attacks Imperva monitored was in November 2022, correlating with Black Friday and Cyber Monday. These attacks often come from vast networks of automated bots or compromised devices, known as botnets. Now customers can use it to buy immediately from 130 different shops. Proofpoint’s Mesdaq said that CyberAIO is constantly popping up as a highly recommended bot on social media. For a bot to work, it has to be in limited supply — if everyone had the bot, no one would really have an advantage.

If directed, the programs will automatically pick up the item and bypass the usual shopping cart flow by heading to the checkout page. On October 13, 2023, the third episode of the 15th season of «Shark Tank» premiered on ABC to just over 3.2 million live and same-day viewers. Both Mark Cuban and guest shark Michael Rubin of Fanatic showed interest, with Rubin, in particular, wanting to have the potential disruptor as part of his portfolio instead of on the outside. The legislation is similar to the so-called “Taylor Swift” laws recently passed in Arizona after tickets were gobbled up for Swift’s Eras concert tour by automated bots that later resold the tickets for higher prices. The global online ticketing market size is expected to hit $68 billion by 2025, which means ticket scalpers are making more profit than ever on snapping up lucrative tickets to resell on the secondary market.

On the days leading up to Black Friday and Cyber Monday, bots outnumber humans by 20 to 1. The shopping experience is moving from buying from a digital channel to one that’s AI-assisted, more proactive and instructive, and increasingly more tailored to the consumer as an individual, he notes. French-based home improvement retailer Bricorama developed a GenAI-powered conversational shopping assistant called “pAInt,” to interact with and guide customers through every stage of their painting projects. This is important for companies, retailers, and brands to better inform the search journey, which helps position them better to ensure they have the right content and engagement for consumers, Papasakelariou says.
