A bot, short for “robot” of course, is a software app that’s programmed to perform automated tasks online. They go to work on their own, toiling away at repetitive or predefined tasks faster and more efficiently than humans. While many uses for bots are beneficial, bots can also be used for illegal and malicious deeds, such as attacking a survey.
So what is a survey bot? Why would a bot want to attack a survey? How can this be prevented? In this blog, we’ll take a look at what happens when bots go bad and how to put a stop to survey bots.
Create Your FREE Survey and Eliminate Survey Bots!
Good Bots vs Bad Bots
Bots, when used for good, help automate repetitive tasks, improve efficiency, and enhance user experiences. In customer service, for example, chatbots can provide instant responses to common questions, improving customer satisfaction since people no longer have to hunt for answers, or wait for a live representative. Bots can also streamline processes, such as automating data entry, monitoring system health, and managing social media interactions. And, they don’t necessarily eliminate human jobs; rather, many simply free up human resources for more complex and creative endeavors.
Unfortunately, bots can be used for nefarious purposes. Bots programmed for evil may commit cybercrimes, such as spreading malware and viruses or stealing and manipulating data. They may be used as “credential stuffers,” taking stolen username and password pairs and attempting to login to multiple sites, exploiting people who reuse credentials across sites. And lately, they’ve been used to purchase large quantities of limited-availability items, such as concert or sports tickets, and reselling them at inflated prices.
10 Ways Survey Bots Ruin Surveys
Unfortunately, when it comes to surveys, bots are rarely used for good. Bot survey attacks are usually driven by malicious intent or the pursuit of specific goals. Here are ten common motivations behind such attacks:
1. Harvesting Data
Bots can be used to collect and scrape data from surveys, which can then be sold on the dark web for money or used for other malicious purposes, such as the aforementioned credential stuffing.
2. Disrupting Data Collection
Some attackers simply aim to disrupt the functioning of surveys, rendering the collected data useless. This could be for competitive reasons or simply to cause chaos (To quote Pennyworth from The Dark Knight, “Some men just like to watch the world burn”).
3. Inflating Metrics
Bots may be used to artificially inflate the number of survey responses to manipulate survey results. This could be done to mess with a marketing campaign, for example, or to influence political polls. Let’s say a bot influences poll numbers, propping one candidate up over another. This could lead people to believe one candidate is a “sure thing,” and not bother voting, when in actuality, that candidate needs all the votes they can get.
4. Spamming and Advertising
Bots might fill out surveys with spam content or links to advertise certain products or services. This can make the original surveying company look bad, as respondents will believe they were given the survey in order to be spammed.
5. Deploying Malware
Bots may attack surveys in order to spread malicious links that deploy malware and other viruses. These can be used for a variety of cybercrimes, such as ransomware that can hold a computer or an entire system hostage.
6. Testing Security
Some bots are deployed to probe the security measures of a website or survey platform. This can be part of a larger effort to find vulnerabilities and attack for different reasons at a later date.
7. Automating Feedback
In some cases, bots might be used to automatically submit feedback or reviews, especially in scenarios where the survey is tied to ratings or comments on a product or service. A bot might be programmed by a company to artificially inflate the ranking of a product in hopes of selling more, or to deflate ratings of a product to damage the reputation of a competitor.
8. Exhausting Resources
By overwhelming a survey platform with a high volume of responses, bots can exhaust the resources of the server hosting the survey, leading to downtime or degraded performance. Again, this is often done for competitive reasons.
9. Stealing Incentives
Bots can be brought in to simulate participation in surveys. This is often done to gain incentives or rewards offered for completing surveys.
10. Sabotaging Competitors
Competitors might use bots to skew survey results in their favor, making their own products or services look better or more popular. They may also intentionally corrupt the data of competitors’ surveys to disrupt their market research efforts.
Create Your FREE Survey and Eliminate Survey Bots!
10 Ways To Prevent Survey Bot Attacks
To prevent bots from attacking your surveys, or to at least slow bot rates, you can implement several strategies. Here are some effective measures:
1. User Authentication
Require users to log in before they can access the survey. This can significantly reduce survey bot activity as it adds an additional layer of verification.
2. Email Verification
Require users to verify their email addresses before they can complete the survey. This can help ensure that respondents are real people.
3. CAPTCHA
A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) can be used to distinguish between bots and humans. Popular options include Google reCAPTCHA, hCaptcha, and others. You’ve undoubtedly encountered a CAPTCHA before. Here are two common ones.
IMAGE CAPTCHA
.
TEXT CAPTCHA
With SurveyLegend, you can easily create your own CAPTCHA using an image-based question. Bots won’t recognize dogs in image one and six, for example, while a human will. The image of the cat and dog may also confuse them. Here’s an example:
Need images to create your own CAPTCHA? Check out our blog on 12 Free Stock Photo Sites.
Now, you can also simply take a CAPTCHA image found online, and use it in an image-based question like the one below. The scattered characters and unusual lines will confuse the bot, but people will be able to make out 6T9JBCDS:
4. Limit Participations
Although survey-taking bots can come from multiple IP addresses, they sometimes come from one. Unless you want people to be able to take your survey more than once, you can restrict the number of submissions from a single IP address to stop single-IP survey bots. This can easily be done with SurveyLegend. Below, under the configurations tab, you can easily toggle the switch to turn multiple participations on/off:
5. Use IP Filtering
Block known IP addresses associated with bot activity. Maintain a blacklist of such IPs or use third-party services to help identify and block them. In the same screenshot above, you can see how you can collect IP-addresses with SurveyLegend. When known bot addresses are discovered, you can remove them from your export list.
6. Randomize Fields
The less intelligent bots are often programmed to fill out specific fields. It’s always a good idea to randomize the names of form fields so that these bots cannot easily identify them. With SurveyLegend, the option to randomize is available with most types of questions as you can see in the green-toggle switch:
7. Analyze Behavior
Analyze the behavior of respondents to detect patterns typical of bots. For example, very fast form submissions or repeated patterns can indicate bot activity. Does your survey take an average of five minutes to complete? Remove any responses that were submitted in under two. Was the first option selected for every question? Good chance that’s a bot. SurveyLegend Analytics can greatly help with the weeding-out process.
8. Monitor Traffic
Regularly monitor your survey traffic for unusual patterns or spikes in activity. If you suddenly see a massive spike, or if surveys are rolling in at odd times (for example, when most people are sleeping), there’s a good chance your survey has been hit by bots. SurveyLegend lets you monitor your survey responses in real-time so you can watch as surveys come in.
9. Include a Honeypot Field
You might consider adding hidden fields that are not visible to users but can be detected and filled by bots (for example, include a question with a white font on a white background that people wouldn’t see, but a bot would). If these fields are filled out, you can flag the response as coming from a bot.
10. Remove Incentives
Incentives are a great way to encourage people to take your surveys, but they can come with a number of negative consequences (read our list of Survey Incentive Pros and Cons here). One of those cons is attracting bots, which may be deployed to target rewards, completing the survey from multiple IP addresses to collect incentives. If a bot attack happens after hours and you’ve set your survey to immediately email a gift card, for example, you could find yourself out thousands by the morning. If you do offer incentives, we recommend sending them out after the conclusion of the survey, when you have weeded out potential bots from your analytics.
Conclusion
Bots have the ability to do a great deal of good, aiding humans and eliminating mundane tasks. But, like most things, they can also be used for bad. When it comes to your surveys, understanding what motivates a bot attack can help when designing them so that you’re able to thwart them. And, by knowing what the attackers might be after, you can better tailor your security measures to protect your surveys from various types of bot activity.
With SurveyLegend, as highlighted in this blog, there are many ways to prevent survey bot attacks, and our surveys are highly secure using the most current encryption techniques. We even have a top-rated performer on consumer website G2! It’s free to start, so create a bot-repelling survey today and see how effective it can be!
Have you ever suffered a bot attack? If so, what kind of damage did the bots do? Have any other suggestions on how to thwart bots? Let us know in the comments!
Create Your FREE Survey and Eliminate Survey Bots!
Frequently Asked Questions
A bot is a software application programmed to perform automated tasks over the internet or other networks, often executing repetitive or predefined actions much faster than humans. They can serve various functions, from enhancing customer service through chatbots to indexing web content with web crawlers. However, bots can also be used maliciously for activities such as spamming, data scraping, and executing cyberattacks.
A survey bot is a type of automated software designed to interact with online surveys, often submitting responses without human intervention. These bots can be programmed to fill out survey forms with predefined answers rapidly and in large quantities, potentially skewing the results and compromising the integrity of the data collected. While survey-taking bots can be used for legitimate purposes like testing survey functionality, they are often deployed maliciously to manipulate outcomes, harvest data, or disrupt survey operations.
Survey-taking bots can have legitimate and beneficial uses. They may be used to test the functionality and performance of survey forms, ensuring they work correctly under various conditions and identifying any potential issues before they are launched to the public. For example, they can simulate a large number of users submitting responses simultaneously, helping to test and improve the scalability and robustness of the survey platform.
