Form spam is when a bad actor creates a script that submits lots of fake data to your real data. This is potentially very costly to reconcile and usually not discovered until a significant amount of fake data is submitted.
Although the school lottery system had very little (less than 1 per year) form spam and it was entered manually, We fortified the system to detect strange activity and reject the submission.
I can’t go into details lest I divulge our defenses, but adding the defense mechanisms greatly reduced our risk of this horrible occurrence.
