In 2019, login pages were the prime target of fraudsters across different verticals. They were using bad bots to carry out two types of online fraud: account takeover to steal PII and payment card details; and fake account creation to validate stolen payment card details (carding attacks) or cash out stolen cards.

https://securitybrief.co.nz/story/here-s-how-human-like-bots-perform-online-fraud