Do you have (bad) bots? 4 ways to spot malicious bot activity on your site

This is a guest blog post from CHEQ, the leader in Customer Acquisition Security.
5 min read
CHEQ blog

For any online business, distinguishing between malicious bots and human users is a challenge. Business leaders want to ensure the traffic coming to their websites is valid and is best positioned to convert into customers, but with Invalid Traffic becoming increasingly problematic for achieving business objectives, it’s important to identify if any malicious bots are actively harming your business. 

It is important to distinguish bad bots from real human users because bad bots are more than just an inconvenience, they can be detrimental to organizational operations and growth. In fact, malicious bots affect companies in a variety of ways. They can poison advertising campaigns by polluting paid marketing audiences and skewing optimizations toward additional invalid traffic. They harm conversion funnels by infecting CRM data with invalid leads, and they also impact an entire business’s source of truth by making their way into data & analytics tools. 

Before we dive into how to identify and mitigate the risks associated with bad bots, let’s first define what a bad bot is and how they are different from good bots. At a high level, “bot” is a general term for any automated tool that interacts with content on the internet. Some bots are harmless and can even be helpful in cases of gathering information or prioritizing content. Two of the most common types of good bots are Scrapers and Crawlers. Scrapers scan websites for a specific piece of data, while Crawlers index content, most commonly for search engine purposes. Some of the most well-known tech companies in the world utilize these types of good bots to accomplish tasks. However, on the other side of the coin are bad bots that have malicious intentions. These types of bots seek to actively harm websites and target everyday users. For example, Spam Bots are bots that are typically used in email or messaging apps and send out massive quantities of messages to a set of users. Another example is Account Takeover Bots that imitate users by operating under their profile. This is concerning to many users, not only because they are losing control of their account, but also because this could allow the bot to steal valuable personal information.

How to spot malicious bots?

So now that we’ve identified the issue and how it impacts business objectives, let’s discuss how to spot malicious bots:

  • Suspicious user-level behavior: There are certain patterns that relate to how humans typically browse and move around on the internet. Bad bots however, behave a bit differently. This can take the form of non-human mouse movement, moving quickly from page to page, causing unusually high bounce rates and more pages visited per session.
  • Suspicious network-level behavior: When we go one step beyond individual user behavior, we notice how larger networks typically behave. For example, when botnets coordinate an attack, they might storm a given site in high numbers. You may notice this if there is an abnormal traffic spike on a particular day, or if there is a lot of traffic coming to your site at unusual hours. For example, you typically see 5,000 visitors daily, and most traffic occurs during work hours, then one day you see 500,000 visitors or visitors clicking around on your site at 3am. 
  • Manipulated information: Sometimes malicious bots hide behind certain tools to mask themselves, so it is important to look out for information that seems false or manipulated. For example, a botnet might actually run on Linux but they could manipulate browser data to try to appear to come from an iOS device. Similarly, if a bot is coming from a country that your business doesn’t typically work with, they might use a VPN or proxy tool to pretend they are coming from a less suspicious geolocation. 
  • Conversion anomalies: Bots, particularly malicious ones, tend to convert at the top of the funnel, but not at the bottom of the funnel. What we mean by that is they love clicking through on ads, visiting landing pages, filling out forms and registering for services, but they don’t ultimately convert to paying customers. So if you see cohorts of users who are very engaged on your site, but their conversion rate to paying customers is much lower than your normal benchmark, that could be indicative of bad bot behavior. 


Of course, there are many more ways to spot malicious bot activity, and additional indicators to look for. Not all bots operate in exactly the same manner, so it’s wise to look at each threat carefully. In many cases, professional cybersecurity technology is required to identify and catch more sophisticated malicious bots. However, by simply being aware of the issue and knowing key patterns to look out for, organizations can get ahead of the problem and better protect themselves against bad bots. To learn more, visit


Kerry Coppinger | Manager, Brand Marketing @ CHEQ