How are bots able to blend in with a human audience? How do they appear at the correct geo-location?
Bots are small programs that are basically modified browsers (or headless browsers) managed by software that is programmed to let them pretend to be humans by setting their location and assigning them a unique cookie profile. Since they are altered browsers, they use browser code – usually based on the code of Chrome or Firefox.
Just like the browser you use on your device, these browsers have many add-ons available to them that allow them to perform different tasks easily – such as letting them look like whatever they need to look like for the job at hand. They use tactics like anti-fingerprint, anti-fraud detection, multi host-emulation and multi-client emulation. When they are set up by a fraudster, they can adjust the browsing session geo-location, browsing history, device fingerprint and cookies to make one single bot appear to be any number of actual humans. What’s more, once a settings profile is saved, it can be shared between different bots and stored in the cloud for easy access when using multiple machines in multiple locations.
For example, dedicated bots are active on Facebook, Instagram, Pinterest, LinkedIn, etc. to create profiles, join groups, like posts, pin an image, follow people or companies, etc. A second group of bots are dedicated to browsing the web, executing search queries, etc. which will be looking for specific advertisements to click on. A third group of bots will click on those specific advertisements and arrive at the landing page to fill in and submit forms.
All these independent bots use and can update the same cookies, geo-location, and device information in order to have a consistent appearance over the browsing session’s lifetime.