All posts by Paul Stradling

Tech News : Germany Warns Against Use of Kaspersky Anti-Virus

Germany’s Federal Office for Information Security (BSI) has warned that Russia-based Kaspersky’s anti-virus software could be used for spying or launching cyber-attacks.

Russian Companies Forced To Launch Cyber-Attacks?  

The warning was aimed at Russian IT businesses who, claims the BSI, could be used via the software to carry out offensive operations, or forced against their will to attack target systems, or be spied upon. The warning also suggests that Kaspersky’s anti-virus products could be used as a tool for attacks against an IT company’s own customers.

Politically Motivated 

It is no surprise that Kaspersky has defended the safety of its products and stated that the BSI’s claims have been made purely on political grounds and not on any technical assessment of its products. Kaspersky has also denied any ties to any government, including Russia’s.

Sponsorship Dropped  

The warning by the BSI led to Eintracht Frankfurt football club dropping its sponsorship agreement with Kaspersky.

History of Accusations  

There have been many well-publicised accusations in the past against Kaspersky centring around the allegation of a possible close tie with the Russian state and, therefore, a possible security risk. For example:

In December 2017, following a warning in a letter by the Director of the UK National Cyber Security Centre (NCSC), Ciaran Martin, to Whitehall chiefs about the danger of Russian software, Barclays bank emailed its online banking customers to say that it would no longer be offering Kaspersky Russian anti-virus because of possible security risks.

Also in December 2017, then US President Donald Trump banned the use of Kaspersky Lab within the U.S. government as part of a broader defence policy spending bill. The ban reinforced a directive from September that year that civilian agencies should remove Kaspersky Lab software within 90 days. Both the earlier directive and the ban were based on security fears over Kaspersky’s possible links with the Russian State.

Kaspersky Says…  

In reply to the latest allegations from Germany, Kaspersky has issued a statement which explains that its “data processing infrastructure was relocated to Switzerland in 2018”, and that “the security and integrity of our data services and engineering practices have been confirmed by independent third-party assessment”.  

Kaspersky says that “We believe this decision is not based on a technical assessment of Kaspersky products – that we continuously advocated for with the BSI and across Europe – but instead is being made on political grounds.”  

What Does This Mean For Your Business?  

Suspicions about Kaspersky’s possible links to the Russian state have been the subject of several warnings from UK, US, and other nations’ security agencies over the past few years. It is not surprising, therefore, that with anti-Russian state feelings running high and sanctions being imposed, Kaspersky would again be in the frame. With a warning coming from such a credible and official source as Germany’s Federal Office for Information Security (BSI), and with clear evidence of Russian cyber-attacks already (against Ukraine), it is not surprising that the warning has had an immediate commercial effect, i.e. dropped sponsorship by a major football club. It is unlikely that Kaspersky’s assurances will be heard at this time and more commercial pain for the company is likely to follow. The warning is part of an expanding surface of pressure and sanctions being applied in a bid to force an end to Putin’s war being waged against Ukraine.

Tech Insight : Stop Your Smart Devices From Being Used To Spy On You

With so many smart devices now all around us in homes and offices, we look here at ways to minimise the risk of having your privacy invaded.

The Internet of Things (IoT) 

IoT devices are those devices that are now present in most offices and homes that have a connection to the Internet and are, therefore, ‘smart’ and inter-connected. These devices, each of which has an IP address, could be anything from white goods, smart thermostats, digital assistants (Amazon Echo) to CCTV cameras, medical implants, industrial controllers, building entry systems, and even the car. There are now even smart malls and cities in some parts of the world. IoT devices transmit and collect data which can be processed in datacentres or the cloud, and use several different communications standards and protocols to communicate with other devices (Wi-Fi, Bluetooth, ZigBee or message queuing telemetry transport (MQTT)).

Privacy Risks   

Although the smart element of these devices can be used to improve their performance, it can also represent a risk to privacy and security. For example, smart security cameras and smart assistants are essentially cameras and microphones in the home. Also, Wi-Fi routers, smart lightbulbs and other gadgets and wearables collect and transmit personal data. The risk is that the private data collected by IoT devices and shared over the internet could be vulnerable to hackers around the world. This, in turn, can compromise security as well as privacy as the hacked/intercepted data is used for cybercrime and physical crime (e.g. burglary) using information gained from CCTV cameras. Other risks include:

– Hackers remotely taking control of devices to misuse them and spy.

– Some IoT devices have pre-set, default unchangeable passwords, which, if discovered by cyber-criminals, can enable the device to be taken over and misused.

– IoT devices are prevalent and are often overlooked in security planning, leaving them unguarded and vulnerable to hacks and attacks.

– IoT devices are deployed in many systems that link to (and are supplied by) major utilities, e.g. smart meters in homes. This means that a large-scale attack on these IoT systems could affect the economy.

– “Shadow IoT” devices (i.e. connected to corporate networks without the knowledge of IT teams) also now pose a threat to organisations by allowing attackers a way to get into a corporate network. These devices can include fitness trackers, smartwatches and medical devices.

Protecting Privacy   

Actions that can be taken to retain privacy and limit the potential risks posed by IoT devices include:

– Securing your router by changing the default settings, i.e. change the default administrative username, password, and network name, and avoid using login names or passwords that contain your name, address, or router brand. Also, enable encryption and check for hardware and software updates.

– Changing the default username and password on IoT devices that connect to the router, and using two-factor authentication (2FA).

– Not sharing passwords between devices.

– Taking time to understand what a device collects and how. Users may then make informed choices such as turning smart speakers or cameras off occasionally for privacy.

– Regularly updating each device’s firmware.

– Taking advantage of any extra security features on a device, e.g. enabling encryption or setting up a passcode lockout (“three strikes, and you’re out”).

– Disabling any data collection that is not seen as necessary on a device and disabling or disconnecting any devices that are not in regular use.

IoT Security

The threat of the IoT being used for cybercrime has prompted many businesses to start investing in IoT security solutions. According to a recent report by Meticulous Research®, the IoT Security Market could be worth as much as $59.16 billion by 2029.

What Does This Mean For Your Business?  

The IoT brings many advantages to businesses in terms of cost savings, the gathering of valuable data, monitoring and management. For consumers, smart devices deliver new levels of value-adding functionality and, looking ahead, towns and cities will begin to rely even more on the benefits of IoT devices and systems. However, smart devices come with a privacy and security risk if certain steps are not taken, such as updating firmware, changing default passwords, and disconnecting them when they’re not needed. For businesses, IoT security has become an important issue and demand for it has increased in many industries and organisations. This demand is being driven by an increasing number of ransomware attacks on IoT devices, and an increase in the number of IoT security regulations. The risk may be even greater now in the light of the war waged by Russia on Ukraine. Businesses, therefore, need to take an audit of which IoT devices are in use and make sure appropriate measures are taken to maximise security and privacy.

Featured Article : CEOs Could Go To Jail Quicker

A recent revision to the (draft) Online Safety Bill could mean that executives who don’t comply with the regulator’s information request could start facing penalties such as jail just two months after the bill becomes law.

The Online Safety Bill 

The UK government’s Online Safety Bill, published in May 2021 and now introduced to parliament, is (draft) legislation that’s designed to place a ‘duty of care’ on internet companies which host user-generated content to limit the spread of illegal content and “legal but harmful” content on these services.

The idea of the Online Safety Bill is essentially to prevent the spread of illegal content and activity (e.g. images of child abuse, terror material, and hate crimes), as well as to protect children from harmful material, and to protect adults from legal but harmful content.

The Bill applies to social media platforms, video-sharing platforms, search engines plus other tech services and requires them to put in place systems and processes to remove illegal content as soon as they become aware of it. The Bill also requires these services to take additional proactive measures with regards to the most harmful ‘priority’ forms of online illegal content.

Ofcom’s Expanded Role 

The Bill, which is due to be introduced as law later this year, will use Codes of Practice to regulate the behaviour of social media companies and will be enforced by the media and communications regulator, Ofcom. The regulator will have the powers to fine rule-breakers as much as 10 per cent of their global annual turnover! Also, Ofcom will have the powers to force companies failing to comply to improve their practices and even to block non-compliant sites.

Dame Melanie Dawes, Ofcom Chief Executive, said of the introduction of the Bill to Parliament (March 17): “Today marks an important step towards creating a safer life online for the UK’s children and adults. Our research shows the need for rules that protect users from serious harm, but which also value the great things about being online, including freedom of expression. We’re looking forward to starting the job”. 

Punishing Named Executives 

One recent aspect of the debate around the Online Safety Bill, in line with the idea of bringing about a new era of accountability, has been the naming and punishing of specific individuals/executives within offending companies to make them more accountable. The draft Bill, for example, already included the ability to impose criminal sanctions on named tech executives.

Was 2 Years – Could Be Two Months! 

These sanctions (i.e. prison sentences) were originally due to be delayed for two years (a grace period) after the laws are passed but some UK MPs have been asking the government to remove this long grace period before criminal sanctions can be faced.

Digital Secretary Nadine Dorries, who has personal experience of having been targeted by trolls, was recently reported to have favoured a six-month timeline (grace period) before the imposition of prison terms for those tech execs who fail to remove “harmful algorithms”.

The most recent revisions to the Bill, however, mean that when it becomes law, the time frame for being able to apply criminal liability powers against senior executives in social media and tech companies could be down to as little as two months.

In a recent press release (March 17), the government said: “Today the government is announcing that executives whose companies fail to cooperate with Ofcom’s information requests could now face prosecution or jail time within two months of the Bill becoming law, instead of two years as it was previously drafted.” 

The punishment for not cooperating with Ofcom (including falsifying or destroying data) could see offenders facing up to two years in prison, or a substantial fine.

Offences 

The kinds of priority offences listed in the draft bill are terrorism, child sexual abuse, and exploitation. The Department for Digital, Culture, Media and Sport’s Secretary of State also has powers to add further priority offences (with Parliament’s approval) via secondary legislation once the bill becomes law.

As it stands now, the Bill has been written to tackle online safety in areas such as protecting children from harmful online content, limiting users’ exposure to illegal content and requiring online platforms where users can post their own content to ensure they ‘protect children, tackle illegal activity and uphold their terms and conditions’.

More recent additions to areas covered by the Bill include:

– Making social media platforms tackle ‘legal but harmful’ content (as defined by Parliament).

– Tackling paid-for-scam adverts on social media and search engines.

– Ensuring that there are 18+ age verification checks on pornography-hosting sites.

Also written into the Bill are measures to address anonymous trolls online, and the criminalisation of cyber flashing.

What Does This Mean For Your Business? 

With the Bill being strengthened in recent months to bring about greater accountability among executives of social media companies, the hope is that this will make them take it more seriously and make compliance a priority. The threat of possible prison terms for executives has now been backed up with a dramatically reduced ‘grace period’ – two months instead of two years. The hope is that this will really drive the message home that the UK government now intends to get tougher about online safety and how social media platforms offer protection to users. The Bill is now being debated in Parliament, which is a signal that it could soon become law. Social media platforms, freedom and rights groups, child safety organisations, law firms, and tech and safety commentators will now be watching closely to see what aspects of the Bill will make it into law and what changes will need to be made by tech businesses to comply.

Tech Tip – Adding Notes To Passwords With New Chrome Password Manager

A new feature to Chrome’s built-in password manager means that users will soon be able to store notes with their passwords. The feature, currently limited to Chrome’s latest Canary release, means that:

– A “Notes” field will appear in Google Chrome’s password manager underneath the username and password fields.

– The option will appear when either editing an existing password or adding a new password.

– The new field is designed to give context to the account, and house security questions or other pieces of relevant information.

Sustainability : How Hypermiling Techniques and Tools Can Save Fuel (and Money)

In this insight we look at how hypermiling techniques and tools can help reduce fuel costs and help the environment.

What Is Hypermiling? 

Hypermiling is driving (or flying) a vehicle with techniques that maximise fuel efficiency. Hypermiling enables car drivers, for example, to drive more economically, saving costly fuel and helping the environment. Hypermiling can help drivers to exceed a vehicle manufacturer’s stated efficiency simply by modifying driving habits and techniques.

Preparation 

Effective hypermiling for petrol and diesel cars really begins before a driver has even started the engine. This happens by thinking about, making decisions, and taking measures to ensure that fuel efficiency has the best chance of being maximised. Examples of preparation to maximise hypermiling include:

– Deciding whether each journey is necessary at all and whether the same result (and other benefits) could be received by walking, cycling, or using public transport.

– Keeping a car well maintained and regularly serviced. This can at least ensure that the engine runs as effectively and, therefore, as efficiently as possible. Regularly checking tyre pressure can also help to maximise fuel efficiency.

– Making sure that the car is never carrying unnecessary weight e.g., heavy items left in the boot or on the back seat that would require the engine to work harder and burn more fuel.

– Planning routes to minimise distances, minimise contact with heavy traffic, and minimise hills/gradients can help.

Hypermiling Techniques  

Once a driver has started their journey, some of the techniques and tactics that can be used to maximise fuel efficiency include:

– Driving smoothly by trying to anticipate accelerations and braking and using the right engine speed. Studies have shown that this kind of driving behaviour can reduce fuel consumption by as much as 25 per cent.

– Driving slowly, being gentle on the accelerator pedal, and avoiding driving with bare feet or just socks. Hypermiling experts suggest that drivers have more control when wearing shoes.

– Consider using gentle pulse and glide acceleration.

– Minimise distractions in the car while driving as concentration on the road ahead can help a driver to anticipate the events ahead, thereby helping with smooth braking.

– Avoid having the sunroof and windows wide open as this can increase drag and fuel consumption.

– Where a car has cruise control, this can help on the open road to reduce fuel consumption by enabling the driver to keep a consistent speed.

– Avoid leaving the engine running for more than a minute if stopped.

Tech Help 

There are also digital tools to help drivers to maximise fuel efficiency. Examples include miles per gallon (MPG) usage counters, fleet tracking software, and fuel economy and fuel calculator apps. Also, last October, Google announced the introduction of ‘Eco-friendly Routing’ to Google Maps. Google used AI and insights from the U.S. Department of Energy’s National Renewable Energy Laboratory (NREL) to design a new routing model for Maps that not only gets users to their destination as quickly as possible, but also optimises for lower fuel consumption.

Drawbacks

There are, of course, some drawbacks to focusing too much on hypermiling. Most motorists will know that when one motorist drives very slowly this can cause tailbacks, frustration, and cause other drivers to make rash and sudden moves that can lead to accidents. Concentrating too much on what’s happening in the car can happen at the expense of noticing what’s happening out the window where most of the danger and threats are. Driving to the conditions rather than a pre-arranged, rigid plan may also be a safer option.

What Does This Mean For Your Organisation? 

With fuel prices reaching an all-time high in the UK and a climate emergency to think about, it makes sense to employ simple ways to maximise fuel economy and to use techniques and tech tools that can help. There is an argument that switching to EV would be better from an environmental view, but this is likely to be a slow transition as many find the cost of switching now prohibitive and there are concerns that the charging network is not yet developed enough. For transport and logistics businesses, some of these techniques may help although tight schedules and road congestion can prove to be a challenge to the best intentions. For individual car drivers, whether for business or pleasure, trying out hypermiling techniques and ideas may yield some surprisingly positive results in fuel cost savings at a time when it’s especially important to mitigate the effects of price rises, with the bonus of green benefits.

Tech News : 3% of Users Responsible For 92% Of Breaches

A report by Security Company ‘Elevate’ has revealed that 3 per cent of users are responsible for 92 per cent of malware events for businesses, indicating that a small number of users create the most risk.

2016 to 2021   

‘The Size and Shape of Workforce Risk’ report, conducted on data provided to the Cyentia Institute by Elevate Security, included events starting in January 2016 through December 2021, and took into account 15.1m unique events associated with 168k users spread across more than 3.8k organisational departments.

Key Findings 

Some startling key findings of the report were that:

– 4 per cent of users are responsible for 80 per cent of phishing incidents, some clicking as often as twice a month.

– 3 per cent of users are responsible for 92 per cent of malware events.

– 1 per cent of users will average an incident every other week.

– 12 per cent of users are responsible for 71 per cent of secure browsing incidents.

– 1 per cent will trigger 200 events per week.

What Is A Risky User, and Why Are They Risky?  

As identified by the stats in the report, the risky users are those small percentages who cause security incidents, sometimes repeatedly. For example, where phishing emails are concerned, just over half of users never receive phishing emails but some users may simply receive a lot more phishing emails than others (100s per year vs. a few). This doesn’t necessarily make them risky because for the phishing emails that aren’t blocked in the first place, most users (75 per cent) click on phishing emails less than 10 per cent of the time. The Cyentia report, however, says that there is a small group (3.9 per cent of users) who have clicked 3 or more phishing emails and who account for 80 per cent of all phishing clicks. Within this group is the 1 per cent who click more than 52 a year – once a week. As the report suggests, these are the risky users.

Also, according to the report, where malware is concerned, although 94 per cent of users never encounter malware, some experience it weekly. Out of these users, 10 per cent average more than 11 events per year, with 1 per cent as high as 27 events per year. These are the high-risk users for malware.

Similarly, where browsing is concerned, only a small percentage of users account for most of the secure browsing events – i.e. 12 per cent cause 71 per cent of the events.

What To Do   

Elevate’s report recommends several ways that businesses and organisations can minimise the security risk caused by risky users. These are:

– Start measuring to identify which users pose an outsized risk

– Check the efficacy of controls – i.e. check how many phishing emails are getting through the filters, how uniformly AV software is installed, and make sure the controls are not just in place but are working properly for everyone.

– Identify risky users. Identify who’s generating the majority of security events and understand the reasons – e.g. a user may be an outsized target for attackers or someone who has slipped through the security controls or both. Also, consider checking the browsing history of a “click-happy user”.

– Start monitoring and helping the risky users. This could be done by setting up ‘guardrails’ and focused controls.
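One way to start the measuring step above, as an added example (not code or data from the Elevate/Cyentia report): it counts security events per user and finds the smallest group of users that accounts for a target share of each event type. The CSV layout, user IDs, event names and counts are constructed for illustration.

```python
import csv
from collections import Counter
from io import StringIO

# Constructed sample data (an assumption, not from the report):
# 50 staff, most of whom never generate an event.
HEADCOUNT = 50
_SAMPLE_COUNTS = {
    "phish_click": {"u01": 9, "u02": 7, "u03": 1, "u04": 1, "u05": 1, "u06": 1},
    "malware": {"u01": 12, "u07": 1},
}


def build_sample_log():
    """Render the constructed counts as CSV text: date,user,event_type."""
    rows = ["date,user,event_type"]
    for event_type, per_user in _SAMPLE_COUNTS.items():
        for user, n in per_user.items():
            rows += [f"2022-03-{(i % 28) + 1:02d},{user},{event_type}"
                     for i in range(n)]
    return "\n".join(rows)


def count_events(log_text, event_type):
    """Return a Counter of user -> number of events of the given type."""
    reader = csv.DictReader(StringIO(log_text))
    return Counter(r["user"] for r in reader if r["event_type"] == event_type)


def smallest_group_for_share(counts, target_share):
    """Heaviest users first: the smallest group whose events reach target_share."""
    total = sum(counts.values())
    if total == 0:  # no events of this type were logged at all
        return [], 0.0
    group, covered = [], 0
    for user, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        group.append(user)
        covered += n
        if covered / total >= target_share:
            break
    return group, covered / total


def concentration_report(log_text, event_type, headcount, target_share=0.80):
    """Summarise how concentrated one event type is across the workforce.

    headcount must include staff with zero events, otherwise the
    percentages overstate how widespread the behaviour is.
    """
    counts = count_events(log_text, event_type)
    group, share = smallest_group_for_share(counts, target_share)
    return {
        "event_type": event_type,
        "users_with_events_pct": round(100 * len(counts) / headcount, 1),
        "group": group,
        "group_pct_of_headcount": round(100 * len(group) / headcount, 1),
        "share_of_events_pct": round(100 * share, 1),
    }


def repeat_clickers(log_text, min_clicks=3):
    """Users at or above the click threshold, for focused follow-up."""
    counts = count_events(log_text, "phish_click")
    return sorted(u for u, n in counts.items() if n >= min_clicks)


if __name__ == "__main__":
    log = build_sample_log()
    print(concentration_report(log, "phish_click", HEADCOUNT, 0.80))
    print(concentration_report(log, "malware", HEADCOUNT, 0.92))
    print("repeat clickers:", repeat_clickers(log))
```

Feeding it real exports from mail-filter, endpoint and web-proxy logs, with the true headcount, gives the per-organisation equivalent of the report's figures.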

What Does This Mean For Your Business?  

This report emphasises how important it is to have blocking measures and controls in place, with employee cyber security training in the first place to stop the vast majority of phishing emails and malware (for example) from getting through. It also shows that a disproportionally small number of users may be responsible for most of the risk, but these will not be identified unless the business measures and monitors to find out who they are. The suggestion here is that, rather than subjecting all users to the same level/type of treatment, companies can put more effort into identifying the riskiest users and concentrate more help on them. This could be a smarter and more efficient way for companies to boost security.

Tech News : Mobile Malware Surges By 500%

Proofpoint researchers have reported that, starting in early February, there has been a 500 per cent jump in mobile malware delivery attempts in Europe.

Trend 

According to the researchers, this rise is in keeping with a trend that has been evident in the last few years where attackers have been increasing their attempts at smishing (SMS/text-based phishing) and sending malware to mobile devices.

Android Is A More Popular Target 

Research shows that Android is a far more popular target for cyber criminals than Apple iOS. This may be because Apple’s App Store has strict quality controls and iOS doesn’t allow sideloading. Most mobile malware is still downloaded from app stores, and this may be due to Android’s more open approach. For example, it is open to multiple app stores and users can easily sideload apps from anywhere.

What Mobile Malware Does 

The Proofpoint research shows that even though the basic purpose of malware (i.e. to give attackers control of a system) remains the same, the latest versions are becoming more advanced. Proofpoint reports that some of this malware is capable of activities such as recording telephone and non-telephone audio and video, tracking locations, destroying or wiping content and data, to name but a few. Also, mobile banking malware lies in wait until the user activates a financial app and then intervenes to steal credentials or information.

Adapted For Different Languages, Regions, and Devices 

Proofpoint’s Cloudmark Mobile Threat Research has revealed that mobile malware isn’t limited to any specific geographic region or language and that threat actors adapt their campaigns to a variety of languages, regions and devices.

Common Mobile Malware Types 

Some of the common types of mobile malware highlighted in Proofpoint’s research include:

– FluBot – spreads by accessing the infected device’s contacts list or address book and sending the information back to a command-and-control (C&C) server. This malware can access the internet, read and send messages, read notifications, make voice calls, and delete other installed applications.

– TeaBot – a multifunctional Trojan that can steal credentials and messages and stream an infected device’s screen contents to the attacker.

– TangleBot – Discovered by Proofpoint and Cloudmark researchers in 2021, this mobile malware spreads via fake package-delivery notifications.

– Moqhao – originating from China, this remote access Trojan has spying and exfiltration features so it can monitor device communications and grant an attacker remote access to the device.

How To Protect Your Device 

Ways to protect your device from becoming infected with mobile malware include:

– Use a mobile antivirus app from a trusted source (three quarters of users don’t have this on their smartphone).

– Be wary of unexpected or unrequested messages with links, URLs or requests for data of any type, and don’t click on the links.

– Report spam, smishing and suspected malware delivery to the Spam Reporting Service by using the spam reporting feature in your messaging client or forwarding suspicious text messages to 7726 (“SPAM” on the phone keypad).

What Does This Mean For Your Business? 

With many people now using their smartphones for many aspects of business, with remote working and BYOD now commonplace, and with mobile malware surging and becoming more sophisticated, there is clearly an increased risk. Those with Android smartphones need to be particularly cautious. With three-quarters of users not having a trusted mobile antivirus app on their phone, downloading and using one would be a good place to start (while ensuring it’s a trusted one). Also, awareness should be raised among staff of the danger of clicking on links in unsolicited and suspicious messages (smishing risk) and of the danger of downloading apps outside of the Google Play Store. Caution should also be used when downloading apps within the Google Play Store as some may harbour malware. It’s good practice also to avoid using public Wi-Fi, especially without a VPN, and to keep Bluetooth and Wi-Fi disabled when they’re not in use to minimise the risk of hacking attempts.

Featured Article : What’s all the Fuss About Wordle?

In this article, we look at what Wordle is, and how a change of ownership has led to some online criticism.

What Is Wordle?  

Wordle is a free, web-based word game where players have six chances to guess a randomly selected five-letter word. Each day there’s a different word to guess. Players choose letters from a virtual keyboard and enter their choices into the five blank tiles/squares. Once a user is happy with their choices, they press a submit button. The right letter in the right tile shows up green, a correct letter but in the wrong tile shows up yellow, and a wrong letter (not in the word) shows up grey. If a user correctly guesses the word, they win the game and users who win the game two days in a row receive a winning streak.

As well as enjoying the brain-teasing aspect of the game, users share and compare their scores on social media. The game was created and developed by Welsh software engineer and former Reddit employee Josh Wardle and has only recently been sold and moved to the platform of The New York Times Company.

Popular 

It has been reported that Wordle now has 2 million players globally thanks to its viral appeal. Josh Wardle’s Twitter account shows how engaged many users have become with the game, with many sharing their Wordle ideas and stories.

Now Owned By The New York Times 

The New York Times bought Wordle from Josh Wardle in February 2022. It is reported that the NYT paid a seven-figure sum!

Where To Play Wordle  

Wordle can be played by going to www.nytimes.com/games/wordle.

Spoiler Bot Stopped

Just prior to the sale of Wordle to the NYT, Twitter had to ban a bot from its platform called “The Wordlinator,” because it was responding to people’s tweets by giving spoilers for the next day’s word. The bot was also issuing rude comments.

Trouble At Mill? 

When Josh Wardle sold the game to the NYT, he announced on his Twitter account that he “long admired the NYT’s approach to their games and the respect with which they treat their players”.

However, since the sale to the NYT, users have been loudly voicing several concerns online. These include:

– Users who navigated to the game’s original home at powerlanguage.co.uk were redirected to its new home on the NYT website. Unfortunately, some people reported that the move to the new online home had wiped their winning streaks.

– Complaints that the game has become too difficult, and this has led to users breaking their much-valued winning streaks. For example, the difficulty of Wordle 245’s answer led to comments that it had ruined the day of some users.

– Criticism that the word choices had become more obscure and ‘random.’

What Does This Mean For Your Business? 

The New York Times made the point that acquiring Wordle gave “millions more people around the world another reason to turn to” its platform, so it is clear why it paid such a sum for a word game. Wordle, however, is an example of how engaged people can become with some games, brands, TV programmes and more, to the point where they feel a sense of familiarity and ownership. This is particularly prominent with Wordle because it becomes part of not just a habit or daily ritual, but because it can become linked with a user’s view of ‘self’ (through ability to solve the puzzle), and self-image e.g., sharing the results with friends and competing with friends. How closely some users had become involved and engaged with the reward or negative reinforcement aspect of the game, and the emotional response, was illustrated by those who said their day had been ruined by not being able to guess the word.

This story also illustrates how taking over ownership or management of an established entity, where there are many engaged stakeholders with an emotional connection and existing culture and norms, can be a precarious situation. This becomes particularly apparent where changes or mistakes are made. No doubt the New York Times is paying very close attention to the daily management of the game and will be keen to avoid any further disruption which could have a negative rub-off effect on its brand and image.

Tech Insight : What Is ‘Scalping’?

In this insight, we look at what scalping is and why some people are looking to introduce legislation to stop it.

Scalping  

The term “scalping” refers to stockpiling popular products and reselling them at a higher price for profit (the secondary resale market). This being a tech insight, this article will look at how technology is used in scalping and how tech devices are often stockpiled and sold in this way.

High Demand and Scarce Tech Products  

Products such as some games consoles (e.g. the PS5 in 2021 and now the PlayStation 5) are in short supply, partly because of a global shortage of semiconductor chips. This scarcity means that demand is high and higher prices can be charged. This makes them an ideal product for scalping.

Using Bots  

Bots are used in scalping to buy gaming products for resale at a higher price because they are faster and better at it than humans: they can monitor websites for the moment stock is available and immediately complete the ordering process. The console scalping market is worth millions, and it is not unusual for consoles to be sold at many times their normal retail price. There have been reports of some scalpers using multiple computers operating 24/7 to maximise profits.

Some sellers have even set up their own reselling company that teaches others how to scalp, charging them subscriptions to learn.

Not Just Tech Products  

Many products other than tech products are also part of the secondary retail market, e.g. trainers and toys.

Christmas Scalping 

The run-up to Christmas is a time when scalping particularly frustrates buyers, especially parents, as those engaging in scalping have bought the must-have toys and are selling them online for high prices.

What Is ‘Sniping’?  

“Sniping” is similar to scalping, but just on eBay. This is where a user waits until the last few seconds of an auction to make a winning bid. Just as bots are used in scalping, bid sniping software can be used to automate the process and get the edge on human bidders with last-minute winning bids. Bid sniping software is allowed on eBay and examples include EZ Sniper, My ibidder, BidSlammer, GIXEN, Goofbid, and Justsnipe.

Seeking New Laws To Prevent Scalping  

Some politicians, however, are seeking to protect consumers and are looking for a ban on the resale of electronic goods bought by automated bots. For example, Douglas Chapman, Scottish National Party MP for Dunfermline and West Fife tried to introduce a bill in March 2021 to prohibit the automated purchase and resale of games consoles and computer components, and for connected purposes. In his speech at the House of Commons, he said: “Scalpers manipulate and skew the supply and demand chain to create an unfair advantage in the marketplace, using bot attacks to use up basic supplies of coveted goods, such as the next generation of games consoles and computer components, then selling them on at hugely inflated prices”.  

What Does This Mean For Your Business?  

The arguments against scalping and sniping are that they are unscrupulous practices used for profiteering and a form of legal market manipulation, that they put other sellers at a disadvantage, and that they don’t benefit the consumer, who ends up having to pay inflated prices or go without. Scalping is clearly very profitable but has been likened to ‘ticket touting’. In terms of technology, bots are a vital element in the success of those engaged in scalping, and the rise of the use of bots for all manner of activities and services is a trend that looks set to continue.