An internet bot (short for "robot") is a piece of software designed to perform online tasks automatically. In simple terms, bots are computers pretending to be a human—except bots can perform repetitive tasks faster than humans, and at a much wider scale. While many bots are designed to make our lives easier (think Siri and Alexa), there are plenty of bad bots, especially on social media. Bad bots can be programmed to hack, spread misinformation, spam, steal data, and other malicious deeds. This minHour article will teach you the difference between good bots and bad bots, and help you spot a bad bot on social media.
Are bots bad?
Just like the bots we know from Star Wars, there are both good bots and bad bots on the internet.
While you might only hear the word “bot” in a negative context in the news, many bots are completely harmless—designed to make life easier (with varying levels of success). But even though there are plenty of good bots, some bots are so bad they’ve given all bots a bad name. When you hear “bot” in conversation or in the media, it’s usually related to bots being responsible for huge amounts of spam, trolling, and spreading misinformation on social media.
Types of Good Bots
These bots are designed to simulate real human conversation. Many chat bots use machine learning and artificial intelligence (AI) to understand and respond to human interaction, making them more intelligent and useful over time. These bots have a level of “understanding,” which makes them able to engage in more realistic personal conversations.
Transactional chat bots.
These bots are similar to chatbots, except they’re less conversational and more task-oriented. Transactional bots have a fixed set of options you can choose from, such as requesting your bank balance or order return status.
- Some companies use transactional bots on the front line of their online customer service teams, usually to answer questions or help buyers find products that suit their needs. For example, when you choose the Chat feature on Amazon to get customer support, you’ll talk to a transactional bot before you’re routed to a support agent.
- You’ll also find transactional bots on platforms like Discord, Slack, and Telegram. These bots usually moderate conversations and handle administrative tasks, but can also do things like share files and play games.
Personal assistant bots.
Have you ever asked Siri, Alexa, or Google Assistant to look something up or schedule a meeting? These virtual assistants are all examples of good bots designed to help you get more done in less time.
Search engine bots.
Search engine bots constantly scan the web to index websites—an enormous ongoing task that no team of humans could ever keep up with! When you search Google or Bing, the results you see are available thanks to bots like Googlebot and Bingbot.
System or network administrators and developers use bots to monitor the health of servers, networks, and applications. When a monitoring bot encounters a problem, it alerts technicians who can resolve the issue.
Types of Bad Bots
Malicious social bots.
These bots, which usually operate alongside large networks of other bots, aim to manipulate public opinion, often about controversial topics like politics and vaccines. Because these bots can be so realistic, malicious social bot networks may even be capable of inciting violence.
These are the bots responsible for unsolicited advertising across social media, on the web, through email, and even through direct messages and texts. Spambots usually share links to malicious websites, which then harvest personal information, credit card numbers, and other details from unsuspecting users.
If you’ve tried to buy a concert ticket or a new gaming console online in the last few years, you’ve probably encountered scalper bots. These bots snatch up the latest goods and tickets with the intention of reselling them at much higher prices. They do this by buying up all the tickets or merchandise before a human can even enter their credit card info, resulting in shows and products selling out in seconds.
These bots download all the content from a website, often with the intention of duplicating the site to steal the original owner’s traffic. Scraping bots may also download pricing information from a competitor’s website so they can update their own pricing more competitively.
This is a more general term for bots that steal passwords, log keystrokes, exploit software vulnerabilities, install ransomware on computers, attack legitimate web services, and steal personal information.
These bots commit fraud by pretending to be real human users visiting websites and streaming media platforms. Click bots operate in networks of similar bots to mass-click on paid advertisements, vote on polls, and artificially inflate video and audio streams on sites like YouTube and Spotify.
Distributed Denial of Service (DDoS) bots and botnets.
These bots work together to attack networks and websites by sending large amounts of traffic. By overloading networks with data, DDoS bot networks aim to take down websites and internet services—Twitter, Spotify, and Reddit have all been negatively impacted by DDoS bots.
How to Spot a Bot on Social Media
Early and frequent sharing of emerging news.
Malicious bots can be hard to detect—they post on social media like Twitter, Instagram, and Reddit the same way a human does. But if a user is usually the first to break news stories about shocking controversial topics, especially if they often tag or mention influential figures in their posts, there’s a good chance that user is a malicious social bot.
High levels of daily activity.
According to the Oxford Internet Institute, any account posting more than 50 times per day is suspicious and likely an automated bot.
A high Botometer score.
If the suspected bot is on Twitter, you can run the user’s handle through the Botometer, a tool provided by the Indiana University’s Network Science Institute. This tool evaluates the identity of a Twitter user (and the user’s friends and followers) and gives it a score—a higher score means the account expresses bot-like behavior. You’ll find the tool at https://botometer.osome.iu.edu.
Suspicious profile and photos.
Many bots use stock profile photos and add little identifying information (or extremely generic information) to their bios. Their usernames might also be strange mixes of letters and numbers.
- You can also look at the suspected bot’s friends and followers to see if other accounts they associate with also have the same types of profiles.
- Try doing a reverse image search on their profile photo to see if it shows up anywhere else on the web.
Lots of retweeted or shared content.
Real humans often share their own thoughts and photos on social media, not just shared links and retweets. If an account only reposts or retweets content from other users (especially if it’s from the same group of users, blogs, or websites), it could be a bot network in action.
Identical posts across multiple users.
Check posts and tweets created by the suspected bot’s friends and followers. Do they post identical content as the suspected bot that isn’t reshared? Bots will often post the same memes, images, and quotes as other bots in their networks without retweeting or sharing them from other users.
Staying Safe from Bots
Don’t click links from untrusted sources.
If you receive a text message, email, or direct social media message containing a link, don’t click the link unless you completely trust the sender. This includes random requests to log in to a social media site to reset your password. Keep in mind that because bots often aim to mimic real humans and services, they can use phishing tactics to make you think messages are actually coming from services you trust, including your bank or Facebook.
- Sometimes bots will use URLs that look like the websites you trust to try to convince you to reset your password or log in to change your account information. For example, a bot may send you a link to a phony Facebook login page that replaces one of the Os in “Facebook” with a zero—these types of changes may be impossible to distinguish visually.
- If you receive a text or email telling you one of your accounts is compromised, don’t click the link in the message—instead, go directly to the website of the provider you use to log in—if your account really needs attention, you’ll be prompted to make changes from the actual website, not just the link in a message.
Always keep your antivirus and antimalware software up to date.
No matter what type of computer, phone, or tablet you have, your data could be vulnerable to bot-related attacks if your system isn’t protected.
- If you have a Windows PC, your PC comes with strong antivirus and antimalware software that always runs in the background—don’t ever turn it off, and make sure to install all updates when prompted.
- Macs also have built-in security protection—don’t put off those Mac system updates, as they usually contain updated protection.
- You can always install added protection on your Windows PC or Mac, including with free products like Malwarebytes.
- On your phone or tablet, avoid installing apps you don’t trust.
Use strong unique passwords.
Having a unique and secure password for each individual service, app, and website you use can help you keep your accounts safe if one of your passwords is ever hacked. If you have a hard time coming up with secure passwords for multiple sites, try a password manager—these services make it easy to have a different password for every service, as they only require you to remember one master password.
Use reCAPTCHA on your website.
If you run a website that has any sort of submission form, including an account creation form, use reCAPTCHA (Completely Automated Public Turning test) to ensure that all submissions and creations are made by humans, not bots. reCAPTCHA can also prevent scraping bots from harvesting content, creating posts, and making fraudulent transactions.