Imperva Research Labs finds account takeover attacks 2-3 times higher during England games

SAN MATEO, CA — July 11, 2021 — Imperva, Inc., (@Imperva) the cybersecurity leader whose mission is to help organizations protect their data and all paths to it, releases new threat intelligence research that shows advanced bot traffic on sporting and gambling sites across Europe has increased before and during the UEFA European Championship 2020.

Imperva Research Labs finds all bot traffic on global sporting sites soared 96% year-on-year in the weeks preceding the start of the Euro 2020 tournament, and increased by 26% over April 2021 alone. In particular, UK gambling sites were heavily targeted by bot operators in the week before England and Scotland kicked off their respective campaigns. Days when the England national team played were particularly high risk, with account takeover attacks – designed to break into accounts and obtain gamblers’ digital wallets – spiked by 2 or 3 times the daily average compared to other days during the tournament. 

Nor was the UK the only target: bot traffic on gambling sites in Germany spiked 41% in the week following the country’s defeat of Portugal and leading up to their match with Hungary on 23 June. Imperva Research Labs also saw a pattern of attacks getting larger as the tournament progressed with a notable peak occurring on 26 June, which marked the start of the Round of 16.  

Account Takeover (ATO) is a form of fraud where a cybercriminal uses a botnet to gain illegal access to accounts belonging to someone else. This is usually achieved using brute force login techniques such as credential stuffing, credential cracking or dictionary attack. Gambling sites are a lucrative target for account takeover attacks because user profiles often have financial information or even funds stored.

A successful ATO can result in financial fraud, theft of Personally Identifiable Information (PII) or sensitive business information. On average, websites face an account takeover attack 16% of the time, according to Imperva’s Bad Bot Report 2021. Data from Imperva Research Labs reveals that a third of all login attempts in 2020 were malicious. 

“This level of sustained bot activity is unprecedented for sports and gambling sites and indicates that bot operators are evolving their tactics,” says Matthew Hathaway, Vice President, Imperva. “Euro 2020 is the first major international tournament where, thanks to COVID-19, typical revenue sources such as ticket scalping have disappeared. As a result, bot operators have re-engineered their tactics to target the rest of us watching at home instead. With so many people loading up their accounts with hefty sums, gaining access is an easy money source for criminals – especially VIP customers who tend to stake huge wagers.”

The explosive growth of bot activity in the sporting and gambling markets mirrors similar activity in industries such as e-commerce and healthcare, as revealed earlier this year in the Imperva Bad Bot Report 2021. The report shows bad bot activity in 2020 accounted for more than a quarter of all web traffic, an unprecedented record, while human traffic on web sites decreased by 5.7%. Last year, 27.7% of all web traffic on gaming and gambling sites was associated with advanced persistent bots (APBs) — traffic that closely mimics human behavior and is harder to detect and stop. Meanwhile, 33.7% of web traffic to sporting sites was made up of bad bots that were associated with everything from account takeover attacks to promotion abuse and odds scraping.

Nearly a third of Brits gamble every week in some form,” continues Hathaway. “That’s a gigantic pool of victims for hackers to target. They only need a tiny percentage of their attacks to be successful to make a profit. The increased level of bot traffic around the Euros tournament shows an advanced, concerted campaign to trick consumers and damage businesses which is unlikely to stop, especially with the Summer Olympics upcoming. Consumers need to watch out for any suspicious forms and URLs on sporting and gaming sites, while businesses need to put in place protections that can identify bad bot traffic and siphon it off without interrupting genuine customers.”

Additional Information

  • Learn how the threats from bad bots are evolving in the Imperva Bad Bot Report 2021 
  • Watch an explainer video to see why bots are becoming a more sophisticated business risk for all industries
  • Check out the Imperva Blog for the latest products and solutions news and threat intelligence from Imperva Research Labs

About Imperva

Imperva is the cybersecurity leader whose mission is to help organizations protect their data and all paths to it. Customers around the world trust Imperva to protect their applications, data and websites from cyber attacks. With an integrated approach combining edge, application security and data security, Imperva protects companies through all stages of their digital journey. Imperva Research Labs and our global intelligence community enable Imperva to stay ahead of the threat landscape and seamlessly integrate the latest security, privacy and compliance expertise into our solutions.


© 2021 Imperva, Inc. All rights reserved. Imperva is a registered trademark of Imperva, Inc.

# # #