OWASP Automated Threats

Repeated link clicks, page requests or form submissions intended to alter some metric.

What is Skewing?

Automated repeated clicking or requesting or submitting content, affecting application-based metrics such as counts and measures of frequency and/or rate. The metric or measurement may be visible to users (e.g. betting odds, likes, market/ dynamic pricing, visitor count, poll results, reviews) or hidden (e.g. application usage statistics, business performance indicators). Metrics may affect individuals as well as the application owner, e.g. user reputation, influence others, gain fame, or undermine someone else’s reputation.

For malicious alteration of digital advertisement metrics, see OAT-003 Ad Fraud instead.

Skewing is also known by terms such as biasing KPIs, hit count fraud, metric and statistic skewing, page impression fraud, poll fraud, poll skewing and rating/review skewing.


The symptoms of Skewing

  • 1
    Decreased click/impression to outcome ratio (e.g. check out, conversion)
  • 2
    Unexpected or unexplained changes to a metric
  • 3
    Metric significantly different to accepted sector norms
  • 4
    Increased costs/awards that are determined from an application metric or metrics


Sectors targeted by Skewing

  • Education
  • Entertainment
  • Financial
  • Government
  • Health
  • Retail
  • Technology
  • Social Networking


Can InfiSecure prevent Skewing?

InfiSecure’s bot mitigation service detects bots that try to mimic human behavior and do fraudulent activities on websites. InfiSecure blocks such bad bots in real-time so that marketing and IT teams have the correct web analytics to make right marketing decisions.