I tried your way, and it does not abandoned for couple days and then come back again. I think your way is required to turn on the “required login/account to checkout”.
Topic summary
Multiple Shopify merchants are experiencing a widespread bot attack creating fake abandoned carts and fraudulent orders, primarily using the name “James James” and email addresses ending in @rtremail.com or similar domains. The issue has escalated significantly since late January 2024, with some stores reporting 5,000+ abandoned carts in days and hundreds of fake orders.
Key characteristics of the attack:
- Bots target $0.00 products specifically
- Some merchants report actual orders being placed and marked as “paid” without payment
- Attacks bypass Google reCAPTCHA and standard spam protections
- Bots create customer accounts through a backend vulnerability
- Pattern evolved from “James James” to randomized same first/last names
Impact on merchants:
- Cluttered abandoned cart reports making real customers hard to identify
- Corrupted analytics and email reputation scores
- Issues with accounting/CRM software imports
- Inability to use $0 products for legitimate marketing purposes
Proposed solutions (mostly ineffective):
- Shopify support suggests enabling reCAPTCHA and third-party paid apps (Negate, Shop Protector, Ellipsis)
- Only reliable workaround: disabling all $0 products (unacceptable for many)
- One user suggests pre-registering bot email addresses with strong passwords
Current status: The issue remains unresolved months later. Merchants express frustration that Shopify hasn’t provided a built-in solution and are considering switching platforms. Shopify reportedly acknowledged the issue but hasn’t prioritized a fix.