Case Study: Travel Industry
Automated Fraud

Attackers evaded existing defenses by closely mimicking legitimate search and login attempts.

Travel Industry Case Study


How Shape deflected even the most sophisticated bots, reliably stopping these website attacks.

A major international airline has 30 websites, offered in 11 languages, to provide flight information and host frequent flyer accounts. Cybercriminals and fare aggregators have compromised customer accounts and misappropriated airline information using automated attacks.

In 2014, cybercriminals compromised a large number of frequent flyer accounts using an automated credential stuffing attack. The subsequent theft of frequent flyer miles attracted international press attention, drew negative social media commentary, and created customer dissatisfaction.

Aggregators used scraping bots to discover and publicize non-compliant ticketing options. These unauthorized bookings disrupted the airline’s ability to manage revenue and reduced the airline’s operational flexibility.

These attacks were economically motivated. Travel aggregators monetized airline information by charging commissions or selling advertisements. Cybercriminals resold stolen award tickets or frequent flyer miles on Darknet markets.

Key Points



4 minute preview

Avivah Litan:

VP Distinguished Analyst, Gartner

How to Stop Automated Attacks on Web Applications.
Learn how and why automation-based attacks pose serious threats to web applications. View the video preview to learn what type of websites are targeted.

View Full On-Demand Webinar

Under Cyberattack?
Test drive shape rapid defense.

Get Threat Assessment