1 - A new thing that has started with these fake account the last two weeks is now they are trying to log in their fake accounts. Is anyone else having this issue? See below. We've had a number of these.
2 - Also, does Shopify have protection from a data hack? I'm sure to a point but based on this issue how good is theirs. It could have serious implications on us all.
@durbanAD Months ago when this problem started for me, I did have 1 or 2 "fake" customers try to log into their account & reset their passwords because I got bounce back messages. I have been checking email addresses with https://cleantalk.org/ to see if they are blacklisted or fake before disabling the account. I first also check to see if the account possibly has an abandoned cart, but most without locations seem to be fake users.
I did also get a reply to a customer account creation email saying "This account was set up fraudulently, please cancel any request/sales associated with this email address. The police have been contacted and an investigation has been opened." Another person in the forum posted that exact same reply message, so I wonder how many of the accounts being registered are from spammers using hacked emails?
In the past few days, bogus signups on my Shopify store have died down. However I have a Wordpress blog and a newsletter signup and now this nonsense is starting over there. Most of the emails are real, but the names are garbage text. In my quest of figure out what in the hell someone would have to gain from doing this, I have finally found one explanation that comes from Mailchimp. You have to figure that there has to be some financial gain to this or why do it. And here it is from Mailchimp:
"Sometimes, when an abuser attempts to takeover an account, they'll sign their target up for a several email newsletters at once. They hope that all the new emails in the target’s inbox will overwhelm them and distract them from malicious activity."
If anyone else knows a reason for this ridiculous behavior, please hit reply and share with the rest of us.
@HummingbirdHangAlthough that is possible, my first guess is the most commom, that they are trying to get spam links posted to the sites. Some sites require accounts before anyone can post (not sure if shopify has an option for this since I do not allow comments on any page). If an account is created with a fake/non existant email address, I think some systems will not activate the account. With the number of fake email addresses the spammers would need to create without getting email addresses banned/flagged for junk, it would be easier to scrape real email addresses and hope people don't notice. The free email services would block the spammers ip's quickly if they are trying to create a lot of accounts.
@durbanAD Just reply back saying account has been deleted and it looks like a spammer is using their email address to create accounts on sites.
@Steve82 When this first started for me, I can confirm that some of the "Fake User" emails used were in fact leaving spam on my blog. My blog is set to auto-publish comments. But the spam filters are pretty good, so most spam gets flagged & never published. Most of the spam comments I get have links. A few comments were published that shouldn't have been, & I suspected that it was because they created an account first. If you try to add a comment on my site using a fake email, I believe it will get flagged as spam & not published.