Discuss and resolve questions on Liquid, JavaScript, themes, sales channels, and site speed enhancements.
At my Shopify store there is someone who has created over 100 bogus customer accounts - each with a different fake email address. There are no orders, just bogus accounts. I have no idea what the purpose of this would be. Is there a way to deny access to specific domains, such as Fakemail.com?
Hi, @Greg15.
For context, there are bots that disguise themselves as normal browser traffic that can create multiple customer accounts on stores. To help address this issue, we've noticed that stores on Shopify have experienced reduced fake customer accounts and spam emails by adding a Google reCaptcha to their site. Google reCaptcha helps analyse the behaviour of visitors to online stores and blocks spam from bots. So I highly recommend setting this up on your store if you haven't already done so.
Can you also elaborate what you mean in regards to blocking certain domains? Do you mean to block specific email addresses from being able to create a customer account on your store, or from accessing your storefront altogether?
Kimi | Social Care @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit the Shopify Help Center or the Shopify Blog
Blocking specific email addresses would probably be futile. I was referring to the domain name in my post such as "Fakemail.com". Every bogus account had an email address like [email protected], or [email protected].
I will have to look into some examples of the recaptcha. I have encountered this on some websites and got so frustrated at the complicated process that I gave up on the order. Thanks for the idea.
If your online store is open to the public without any customer login required, there wouldn't be a way to block a group of email addresses that are attached to a specific domain. Because these are also most likely bots, the best way to minimise this issue is to look into adding Google reCaptcha as noted in my earlier reply. Totally understand your concern though in the extra step and process it will add for customers on their end, so as you mentioned you can look into it further first and trial it before committing.
For future reference, if you do happen to come across specific customers from a certain location that are spam in nature and would like to block them from browsing your store, installing an IP blocker app like this one should help.
Kimi | Social Care @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit the Shopify Help Center or the Shopify Blog
Our store is password protected. Moreover, since we sell to dental professionals only, we manually vet every new web registration. Yet every day we get 2-3 bot accounts created without any registration requests. They somehow bypass the registration form, we never see them as pending registrations, they just appear among our customers on the Shopify back-end. At first, we thought it was targeted at our store, but those accounts never do anything, they don't place orders, they just sit among the customers. We delete them anyway, but now we suspect this targets Shopify. Guys, you at Shopify, should take this seriously before it's too late.
Nope. I see them in Klaviyo (because of the integration with Shopify), but they are not subscribed to our Newsletter.
I am checking our Klaviyo account now as our spammy/bot sign ups in Shopify all have the subscribed box checked in their fake accounts.
Example of what I am seeing with our fake accounts.
@Anna_O I agree these fake customer sign ups are definitely an attack on Shopify and Shopify store owners. I manage a few other stores on other platforms and do not have this issue. (They also do not automatically create customers which is another issue altogether.) Shopify needs to work on getting this stopped before there is a security breach.
I am sure they are waiting for a partner to come up with a solution but waiting on a pay to use third party app to fix a potential security issue is not good business.
Kimi, Apologies for my callousness, but this doesn't at all help the situation and it's frustrating that you've gone quite immediately after the original poster clarified that their store is password protected.
We are having the same exact issue on our shopify, and we deal with sensitive data so we can not have this happen. We even have Captchas enabled and they still show up under our customers.
We're getting crushed by these too. Typical of shopify to marked it solved with a lame lazy answer though.
It's more complicated than that. I have reCaptcha enabled and it does nothing to prevent these @fakemail.com addresses from subscribing. Furthermore, I use Klaviyo and all these submissions are added to my customer profiles there. Speaking with your team I was told it is a Klaviyo issue and to use reCaptcha and/or double opt in (we've tested both), but both are already enabled. It is not a Klaviyo issue.
It looks like the "solution" doesn't work and still no other answers here to help us out. Any news on your side? So frustrating! I just got 42 "new subscribers" from this fakemail under the same name (Mark Mustermann) and all of them started check out and left. It's making me nervous!
Just got another 48 today. This is getting ridiculous! There NEEDS to be a way we can block someone from creating an account!
Hi @DivellaD and @Muriel_Santos.
At this stage, installing an app such as Shop Protector would be the best way to help protect your store. This app should help with stopping fake account creations, bogus newsletter sign-ups and checkouts created by bots. The app's also been highly rated by a lot of our merchants, so I recommend taking a closer look at it to see if it will suit your needs. Because this app has been created by a third-party developer though, you can contact the app's support team directly if you have any app-specific questions.
I can definitely see how important it is to be able to have a feature natively within the Shopify admin to further help with managing spams and bots, however. Because of this, I'll pass on the information and thoughts you've shared here with me to our developers. Shopify is ever-growing and we're always looking at solutions to improve our platform. We can only do so with feedback from our merchants, so it's always greatly appreciated when you share your thoughts and feedback with us.
Kimi | Social Care @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit the Shopify Help Center or the Shopify Blog
I have thousands of fake accounts that are created on my Shopify site in the last month!!! Before that I never had this issue. It is actually horrible. I have downloaded this APP you mention here and it does nothing at all. PLease advise as this is ridiculous now!!!
I have the same Mark Mustermann fake accounts that appeared at my store today... about 100 accounts. This happened about 5 or 6 months ago too (same name). It is frustrating to have to remove these from all systems once you see them. In Klaviyo, it shows a pattern of subscribing and adding a product to the cart and then abandoning. I'm guessing I got one fake account for every product on my site.
I'm a little confused at a solution here.
The solution is always spend more money. Buy yet another shopify app.
I also have the same account. This Mark guy sure is prolific, lol
I have the same bot name! I bet it's Shopify hiring people to act as bots to inflate shop activity. As you may have heard Shopify's stock price is plummeting. I like how their only solution is a paid app that costs $3.49/month to stop this issue.
Paid apps are their only responses.
Just so you know. "Mark Mustermann" is google reviewing your site.
@adfuel I have not had the pleasure of having Mark Mustermann creating accounts. (yet) all mine are either junk names like OUHBVJBd (for both first and last names). Then there are also the duplicates coming from anyone that uses the app versus the web.
Yes, we're getting tons of those random accounts as well. I think most of them are probably google reviewers. Often times, when they're checking discount codes etc in the cart, they'll leave 650-253-0000 as their phone number, which is Google's Customer Support number.
The name "Mark Mustermann" is what they use in German-speaking countries as their sample data, kind of like John or Jane Doe in English.
I'm getting lots of junk customers, but I don't have Klaviyo. I realized I had an option to create a customer account on my site, turned on reCaptcha, and still it's happening. It's to a lesser degree than before, but still it is worrisome to have bots crawling all over Shopify sites and the solution given is not internal. Very disappointing.
It is not a Klaviyo issue. We only started using Klaviyo and have had this issue since day one with Shopify. I have just been deleting them for now, but it sounds like this is going to escalate on me and I would like a working solution before that. We had to turn off the recaptcha in Shopify because it was causing too many problems for our real customers that needed to log into the site.
Love how Shopify marks these things as solved, when they're clearly not.
Anyway, we noticed the same issue, as we ended up sending 134 postcards (via PostPilot) to "Mark Mustermann".
Shopify Flow still doesn't support the ability to delete accounts, so I've created a Flow to at least tag the customer (which removed them from all Klaviyo/PostPilot lists), and then open a ticket for one of the team to delete the account.
Anyone actually called Mark Mustermann is going to be disappointed. Sorry actual Mark.
I felt bad for Mark. Added a condition to see if he spends money before deleting, so far none of the 134 Mark Mustermann's have.
Wow, that's quite the procedure (and time spent) for one spammer! But I understand given that you spent real money to mail him something.
134 versions of the same spammer, so add up the costs of PostPilot, Klaviyo etc, it's something.
70% of the world’s internet traffic flows Ashburn, VA (Google and AWS data centers). Trillions and trillions of daily searches. Generally, Google is pretty good at filtering their bots from your site. Every now and again my ecomm store gets a spike in these bots (primarily via checkout, adding every product I have to cart as a separate fake user, including Google LLC phone number, and then removing from cart).
This can negatively affect your rep with email service providers if you then send out email automations, ie abandon cart sequences (or add them to campaigns), to these fake emails that then bounce (hence, segment them out).
Also, it skews your analytics (ironically, Google Analytics) for the day/week/month, and then your CPC, etc. Filtering out of analytics is harder imo (probably why I haven't done it yet)
https://www.envano.com/2020/01/what-is-bot-traffic-and-how-to-avoid-it/
https://organicdigital.co/blog/how-to-block-google-analytics-spam-from-ashburn-and-chicago/
https://erudite.agency/insights/exclude-bot-traffic-google-analytics/
https://kwsmdigital.com/why-do-i-have-so-much-website-traffic-from-ashburn-2/
Omg finally a real solution. No thanks to Shopify. Thank you Tony you are a genius.
Thank you Tony!
You are THE MAN TONY!
Thank you!
I am experiencing the same issue on a daily basis where the account usually has the same first and last name. Unfortunately, I cannot easily delete them as a batch either because Shopify doesn't have the function to sort customers by where "first name equals last name."
Did you ever find a solution to this? We have been struggling with the exact same problem and haven't been able to easily get rid of them since it appears that they are creating accounts through an action URL. But there have been a bunch of accounts showing up with names such as Micheal Micheal, Candice Candice, etc. I wonder if we are facing the same spammer.
Yeah we have had some with real sounding names pop up as well. It makes it a lot more tedious since I have to click into each one and check that the email is fake.
In our case, we found the gateway to fake Shopify customer account generation was through our Customer Login portal. There is an option to "Create account" as indicated by the arrow:
Since our customer accounts are only created when a customer places an order, we removed this link by simply deleting a line of code in the customers/login.liquid template:
First, we created a duplicate copy of our Online store theme. Then we removed the line of code circled below and saved the file:
Resulting in removal of the "Create account" link and no more fake customer accounts.
Interesting. In our case, the problem was solved accidentally when we switched to a new theme. All bots stopped appearing at all in one day. I guess there was a loophole somewhere in our old theme that allowed bots to bypass our registration process.
Anyway, long story short, those weren't legitimate Google crawlers but just usual malicious bots. Glad we got rid of them, even by accident.
This is what I did, and it didn't work you can hit inspect and even if you disable right click keyboard shortcuts can still open it, and they can change the code to create account option. I even went as far as deleting all coding for create account, and they still can add it back in under inspect.
Oh, finally, after so many months of struggle, I found that gateway the bots were coming through. So, for login/create an account on our website we use an app, not the native theme login page. However, that native login page, although not available through our navigation, was still somewhere live and crawlable. All those bots were coming through that native login form they could find. As soon as we redirected that native login page to our custom login page, the bot accounts stop coming through.
Starting a B2B store is a big undertaking that requires careful planning and execution. W...
By JasonH Sep 23, 2024By investing 30 minutes of your time, you can unlock the potential for increased sales,...
By Jacqui Sep 11, 2024We appreciate the diverse ways you participate in and engage with the Shopify Communi...
By JasonH Sep 9, 2024