FROM CACHE - en_header
Promotion image

We're moving the community! Starting July 7, the current community will be read-only for approx. 2 weeks. You can browse content, but posting will be temporarily unavailable. Learn more

Where is this customer (a scammer) coming from?

Solved

Where is this customer (a scammer) coming from?

CJannes
Tourist
11 0 1
‎03-23-2024 05:56 PM

I had a $0.00 item in my store. It was hidden (seo.hidden) and it was being fulfilled with an app so that when a customer bought $100 worth of items, the app added this free gift to their cart. It's been working great .

 

However, recently, someone was able to add a bunch of the free items to their cart. I've since removed the BUY buttons from that item's product page, but they came back again today and were able to buy more of them.

 

What's interesting is that in the conversion details of the order, the very first page they are landing on is /checkouts/xxxxx/thank_you or /checkouts/xxxxx/shop_pay. They are only on the site for about 15-20 seconds. My site replay tool (that shows user clicks) never activates because they aren't really on the site.

 

I thought maybe they were coming from an abandon browse email, but I don't think that's it. Then I thought that maybe they were coming from a product review, but I don't think that's it either. Or, maybe they got the product legitimately through the promotion I was running, and they were able to click on the free item in their receipt or shipping notification. I'm totally baffled. 

 

Somewhere they are adding this item to the cart and only dropping onto the Shopify site for a very short amount of time to complete checkout. 

 

Any hints / guesses / suggestions would be greatly appreciated. 

Labels:
491 Views
0 Likes
Report
Accepted Solution (1)

tobebuilds
Shopify Partner
593 42 159
‎03-23-2024 07:00 PM

This is an accepted solution.

It's a bot. It probably uses the AJAX API to add products to the cart. So it doesn't actually need a browser window, which is why you can't see them in site replays.

 

As for where they're coming from, there's likely no way to know, as it's probably using a proxy to hide its IP.

Founder, Regios Discounts app (4.8 stars, 93 reviews, Built for Shopify)
- Custom discounts made simple
- "Just about any discount you'll ever need"
- Built by an ex-Google software engineer
- Often imitated, never duplicated

View solution in original post

463 Views
1 Like
Report
Replies 2 (2)

tobebuilds
Shopify Partner
593 42 159
‎03-23-2024 07:00 PM

This is an accepted solution.

It's a bot. It probably uses the AJAX API to add products to the cart. So it doesn't actually need a browser window, which is why you can't see them in site replays.

 

As for where they're coming from, there's likely no way to know, as it's probably using a proxy to hide its IP.

Founder, Regios Discounts app (4.8 stars, 93 reviews, Built for Shopify)
- Custom discounts made simple
- "Just about any discount you'll ever need"
- Built by an ex-Google software engineer
- Often imitated, never duplicated
464 Views
1 Like
Report

CJannes
Tourist
11 0 1
‎07-12-2024 01:51 PM

Well, after lots and lots of combing through the entries, it definitely looks like it was a bot. There were also some tell-tales signs in the email addresses used. We even up going back to double opt-in and that helped a lot. Two things would be even better...

1) I wish Klaviyo worked with captcha. I think that would stop some bots.

2) I want to play around with a honeypot. While that won't stop the bots, it will make it a lot easier to identify the spam form submissions. There are some online tutorials for Klaviyo honeypot builds, I'll try them when I have a moment.

 

348 Views
0 Likes
Report
Terms of Service Privacy Policy