How to stop spam customer accounts from being created


Yvy616
Excursionist
34 0 42

I've seen many closed supposedly "solved" posts like this but no solution. Has anyone figured out how to stop these hundreds of spam account creations?? I get hundreds a day. I'm constantly deleting them from here and Klaviyo. Today it has taken most of my work day. I turn around for a second, BAM 10 more.

1. Contacted Shopify, NO HELP. They just tell me to install a paid app of which I had already tried a few and they do not stop this. Why can't they stop this from happening in the first place??? I had BigCommerce for 10 years prior and never ever had this issue.

2. I prefer NOT to use their reCaptcha because it's annoying. "Touch squares with a car....wait wrong, that one square had a little corner of the car." Ugh. Having it deters signups by a lot.

Can't they supply a simpler one? But still, I did try that and it's not working well. I don't want that to be the only solution.

3. I also tried honeypot traps. Worked for a few days and now spam accounts are back and stronger than ever.

Why should Shopify allow something terribly wrong with their back end to continue? Is it to get kickbacks from app installs? That's the only thing that makes sense. I've wasted so much of my time that I should be using to run a business into trying to stop this from continuing.

I'm at my wits' end.


 

Replies 16 (16)

Dizzle
Tourist
5 0 5

Having exactly the same issue and agreed, zero help from Shopify and the third party apps are useless. This has been a serious issue on and off for years and it's frustrating that Shopify has taken no ownership over it.

bm4
Visitor
2 0 4

We have the same problem on our end. Customers can't log into accounts due to Recaptcha, and if we remove it, we get thousands of spam accounts created.

Lychee88
Explorer
51 1 21

Same issue. All of a sudden my Captcha page stopped working on the challenge page, basically a button and no challenge shown so the contact forms can't be submitted. I've already deleted over 2k here and in Klaviyo and I get about 10-20 per day. Nothing works. 

Yvy616
Excursionist
34 0 42

I've spent all day on this! My reCAPTCHA stopped working too! (I thought it was me) and Shopify support somehow stopped these fake accounts from appearing in my customer list, as if that was a fix, but they are still being created to the tune of hundreds a day. I found them in my Klaviyo customer lists and after deleting the hundreds, I now watch over it, refresh and delete as they appear. No way for a business owner to spend the day. Support said "we are working to fix this and rest assured, when we do, know that your diligence played a part" LOL Canned responses.

Lychee88
Explorer
51 1 21

It's crazy. I had to create segments in Klaviyo to remove all profiles from Russia and anything with www in it. I still have way more that have real names but when you look at the emails they don't match or belong to blogs. My captcha used to work then all of a sudden it stopped working on my challenge page so I had to disable it to get it to even submit. I even went to Google to update my site for recaptcha and it gave me codes but no one on this site will tell you where to put them if even possible and those that offer to help are trying to get people to pay for their services. 

Guybrush_shopz
Shopify Partner
4 0 2

Like to chime in, we've seen these drop in on a shop that technically doesn't even have customer accounts (disabled in settings, but that doesn't stop the registration URL from being accessible).

 

What is... the point though? I can see for spam contact form submissions how 1 in a million reacts to these "great offers" for better marketing and whatnot, but as a customer, all you can do is... be seen? And see your orders? (Weirdly enough, one of the "customers" even had a note).

Lychee88
Explorer
51 1 21

I don't know what their end game is honestly unless they're trying to ruin site reputation in some way that we can't see. My newsletter requires confirmation that they're joining so even though my list on Klaviyo is getting large from all these fake accounts, they're just filling up my profiles and not being added to actual subscribers. I know some mentioned in other threads that their email lists were getting infiltrated with these accounts because they obviously don't have a confirmation required to subscribe. Maybe that's the end game, getting stores to email fake accounts with fake newsletter subscriptions which lowers the score and possibly gets the domain flagged and blacklisted. I get these fake accounts being added every day with 40 added while I slept that I had to remove.

 

I also disabled the accounts form on my front end, but they're still being created through a vulnerability through Shopify on the back end. 

Yvy616
Excursionist
34 0 42

Hi, I just stumbled across something. It may not be it, but worth a look. I went to my account security settings. I didn't even know this page was there. (Click on account name on top right corner when logged into Shopify, then go to manage account, then on the left, go to security.) If you scroll down, it lists all the devices that are logged into your Shopify backend. Most are me, but I found one in May 2023 that was logged in from Russia. So I logged it out and changed my password. I thought maybe that was an app developer when trying to help but I don't see any other collaborators listed under devices, so I venture to think this is an actual login to my Shopify account. So I'll check to see if it affects the account creations. Hoping I found the source... if you see something similar, log them out and see if that helps!! We have to help ourselves since Shopify won't.

Lychee88
Explorer
51 1 21

Thankfully mine wasn't a security issue with access to my store and the fake subscribers went away once I added Captcha to the account sign up form. I had already removed the sign up option from my front end and they were still getting through, so adding the Captcha to sign up was the last resort and it stopped them from going through the back end to create multiple fake accounts daily. Until Shopify fixes the back end issue, this is the only thing that actually stopped them from creating 30 - 50 accounts daily. 

Not applicable

Hey

 

We use the Shopify API to collect customer data and store it in a MySQL database. Then with a PHP script, we deleted all customers identified by the following criteria:

 

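-- Select accounts to delete: spam-pattern names, or empty never-verified profiles.
SELECT id, email
FROM customers
WHERE
(
    first_name LIKE '%gazprom%' OR
    first_name LIKE '%blogspot%' OR
    first_name LIKE '%www.%'
)
OR
(
    -- No orders, unverified email, and no address details on file
    orders_count = 0 AND
    verified_email != 1 AND
    JSON_EXTRACT(addresses, '$.zip') IS NULL AND
    JSON_EXTRACT(addresses, '$.city') IS NULL AND
    JSON_EXTRACT(addresses, '$.phone') IS NULL AND
    JSON_EXTRACT(addresses, '$.address1') IS NULL
)
-- AND binds tighter than OR, so this consent check applies only to the second group above.
AND JSON_EXTRACT(email_marketing_consent, '$.state') = 'not_subscribed';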
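Added example (not part of the original post, and not the poster's PHP script): the same criteria applied in Python as a dry run that reports why each record matched, so the list can be reviewed before anything is deleted. It assumes records shaped like Shopify customer objects with `addresses` as a list; the function names and sample records are constructed for illustration, and a missing `orders_count` or `verified_email` is treated as 0 / unverified.

```python
import re

# Name fragments the post filters on (gazprom, blogspot, www.).
SPAM_NAME = re.compile(r"gazprom|blogspot|www\.", re.IGNORECASE)
ADDRESS_FIELDS = ("zip", "city", "phone", "address1")

def has_address_data(customer):
    """True if any stored address carries one of the fields the post checks."""
    addresses = customer.get("addresses") or []
    # Tolerate a single address object as well as a list of them.
    addresses = [addresses] if isinstance(addresses, dict) else addresses
    return any(addr.get(f) for addr in addresses for f in ADDRESS_FIELDS)

def spam_reasons(customer):
    """Return the reasons a record matches the post's criteria ([] = keep)."""
    reasons = []
    if SPAM_NAME.search(customer.get("first_name") or ""):
        reasons.append("name_pattern")
    consent = (customer.get("email_marketing_consent") or {}).get("state")
    empty_profile = (
        customer.get("orders_count", 0) == 0
        and not customer.get("verified_email")
        and not has_address_data(customer)
    )
    # Same grouping as the SQL: consent only gates the empty-profile rule.
    if empty_profile and consent == "not_subscribed":
        reasons.append("empty_unverified_profile")
    return reasons

def triage(customers):
    """Dry run: map customer id -> reasons, for review before any deletion."""
    return {c["id"]: r for c in customers if (r := spam_reasons(c))}

# Constructed sample records (not real customers).
SAMPLE = [
    {"id": 1, "first_name": "www.spam-blog.example", "orders_count": 0,
     "verified_email": True, "addresses": [],
     "email_marketing_consent": {"state": "subscribed"}},
    {"id": 2, "first_name": "Anna", "orders_count": 0, "verified_email": False,
     "addresses": [], "email_marketing_consent": {"state": "not_subscribed"}},
    {"id": 3, "first_name": "Maria", "orders_count": 2, "verified_email": True,
     "addresses": [{"city": "Lyon", "zip": "69001"}],
     "email_marketing_consent": {"state": "subscribed"}},
    {"id": 4, "first_name": "Tom", "orders_count": 0, "verified_email": False,
     "addresses": [], "email_marketing_consent": {"state": "subscribed"}},
]

if __name__ == "__main__":
    for cid, why in triage(SAMPLE).items():
        print(cid, ",".join(why))
```

Record 4 is left alone because it has marketing consent, which is the case the AND/OR grouping in the query decides.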

 

 

 

 

ragecreate2
Visitor
1 0 0

Feb 22 -- and we are still dealing with this exact same issue. Nothing seems to stop them from creating new customers every minute. 

 

We have all site traffic turned off, with maybe 15 total visitors in one day, and yet still 300+ new customers created. Installed "Blockify" by Shopify's help recommendation and it did not work --- even with all VPN, TOR, and PROXY blocked. 

 

Shopify---- please provide a solution for this. It seems to be a bug inside the platform. 

 

dylangarrod
Tourist
7 0 7

Found a FIX!

 

Had the same issue, over 25,000 fake accounts, which turned our email sender reputation down the gurgler. Have been wondering for months what's causing the turndown in sales, and believe it was this (as emails were not going through, being marked as spam etc...)

 

Tried deleting sign up pages, but the accounts kept popping up in Shopify and Klaviyo.

 

Inside the spam customer profiles, it says 'has a classic account' which means they're signing up via the Shopify customer account form (even though we don't have accounts enabled).

 

So this fix will only work if you're like us, and do not use customer accounts.

 

1) Go to Online Store >> Themes >> Edit Code

2) Go to templates/customers/register.liquid

3) Delete all the code, so the page is blank.

4) Save

 

@Shopify you really need to do something about this. This is crazy that you allow this to happen.

dylangarrod
Tourist
7 0 7

You also need to ensure CAPTCHA is turned on for customer accounts.

1. Online Store

2. Preferences

3. Scroll to the bottom and check 'CAPTCHA for new customer accounts'

linia
Excursionist
22 1 19

I ended up using this solution as well (I also added a redirect at the top, so it goes somewhere else vs. showing a white page).

Thanks for suggesting this - I would have not thought of it.

theartofstitch
Tourist
11 0 2

I am going through the same thing. When I turn on reCAPTCHA, I lose weeks of sales and a customer emailed me telling me that she keeps trying again and again and can't log in because she's always wrong. I can't believe this is causing business, and when I turn it off, I get 100s of spam accounts daily. If I don't clean up in a week, it becomes 1000s and it takes so long to clean up. It still needs to be done as my email marketing gets paused due to the high bounce rate. I don't get why there is no real solution from Shopify. Right now I'm trying something new. I've turned off my newsletter subscription at every page. If it works, I'll update here.

Yvy616
Excursionist
34 0 42

Guys, I read about the following, tried it and it works. Yes, it involves a paid app so I hope this is temporary.

I downloaded the Helium Customer Fields app. (I’m not promoting it just sharing what I had to do to make it stop)

It replaces the customer registration forms on the site. (Or any other form you want), and has its own invisible built in recaptcha. It’s the only thing that has worked where I can sit back and go about my business.

If the app can do this, Shopify should be able to protect their systems at the source.