Shopify Spam Customer Accounts with Real Email Addresses

Shopify Partner

1 - A new thing that has started with these fake accounts in the last two weeks is that they are now trying to log in to their fake accounts. Is anyone else having this issue? See below. We've had a number of these.

 

[Screenshot 2019-12-30 at 2.55.15 PM.png] [Screenshot 2019-12-30 at 2.55.25 PM.png]

 

2 - Also, does Shopify have protection from a data hack? I'm sure to a point, but based on this issue, how good is theirs? It could have serious implications on us all.

 

0 Likes
Excursionist

@durbanAD Months ago when this problem started for me, I did have 1 or 2 "fake" customers try to log into their account & reset their passwords because I got bounce back messages. I have been checking email addresses with https://cleantalk.org/ to see if they are blacklisted or fake before disabling the account. I first also check to see if the account possibly has an abandoned cart, but most without locations seem to be fake users. 

 

I did also get a reply to a customer account creation email saying "This account was set up fraudulently, please cancel any request/sales associated with this email address. The police have been contacted and an investigation has been opened."   Another person in the forum posted that exact same reply message, so I wonder how many of the accounts being registered are from spammers using hacked emails?

0 Likes
Tourist

In the past few days, bogus signups on my Shopify store have died down. However, I have a WordPress blog and a newsletter signup, and now this nonsense is starting over there. Most of the emails are real, but the names are garbage text. In my quest to figure out what in the hell someone would have to gain from doing this, I have finally found one explanation that comes from Mailchimp. You have to figure that there has to be some financial gain to this, or why do it? And here it is from Mailchimp:

"Sometimes, when an abuser attempts to take over an account, they'll sign their target up for several email newsletters at once. They hope that all the new emails in the target’s inbox will overwhelm them and distract them from malicious activity."

 

If anyone else knows a reason for this ridiculous behavior, please hit reply and share with the rest of us.

3 Likes
Shopify Partner

This issue is starting to hurt us. This is now what the 'robots' are sending out.

 

[Screenshot 2020-01-03 at 12.24.57 PM.png]

0 Likes
Excursionist

@HummingbirdHang Although that is possible, my first guess is the most common, that they are trying to get spam links posted to the sites. Some sites require accounts before anyone can post (not sure if Shopify has an option for this since I do not allow comments on any page). If an account is created with a fake/nonexistent email address, I think some systems will not activate the account. With the number of fake email addresses the spammers would need to create without getting email addresses banned/flagged for junk, it would be easier to scrape real email addresses and hope people don't notice. The free email services would block the spammers' IPs quickly if they are trying to create a lot of accounts.

 

@durbanAD  Just reply back saying account has been deleted and it looks like a spammer is using their email address to create accounts on sites.

Fine Art Landscapes - Sawusch Photography - USScenics.com
0 Likes
Excursionist

@Steve82 When this first started for me, I can confirm that some of the "Fake User" emails used were in fact leaving spam on my blog. My blog is set to auto-publish comments. But the spam filters are pretty good, so most spam gets flagged & never published. Most of the spam comments I get have links. A few comments were published that shouldn't have been, & I suspected that it was because they created an account first. If you try to add a comment on my site using a fake email, I believe it will get flagged as spam & not published.

0 Likes
Tourist

I just found a post at the blog at imperva dot com. It is about this exact issue on the receiving end. Spam email registrations were coming into the guy's account to the tune of 5 per minute. Being a technical guy, he immediately started cleaning it up and analyzing. And there buried amongst the trash was an email from Amazon where he had purchased a $300 watch. He didn't have credit cards linked to Amazon, but he had a $300 gift card. Amazon refunded. The watch was ordered with 24 hour delivery, so don't know what Amazon did. So I am going to re-enable two factor authentication on my Amazon account right now. Since these low life sub-humans are also creating accounts over on my non-related WordPress blog, I have to assume this is the major reason. The signups on my blog don't post anything. Also Google Analytics never picks them up, which is odd. Last night one was an IP address from Alaska and the other was in Vietnam. Probably irrelevant as the IPs are probably spoofed. I didn't want to put a reCAPTCHA on my registration form, but now I have no choice. With so many of the big companies carelessly getting hacked including Home Depot, Equifax and many others, we are all exposed to such scams.


0 Likes
Shopify Partner

Thanks for the input Steve.

0 Likes
New Member

It's probably the same people that are doing the spam, that way they can sell more software subscriptions!!!

2 Likes
Tourist

For two days... no new spam registrations... *fingers crossed* 

 

Has Shopify actually FIXED the issue?

0 Likes