Scammers use my Shopify checkout to test their credit card numbers. Dozens per day. My record was over 5,000 in 15 hours. And yet despite that, I see no activity in my analytics, even with the few scam orders that sneak past fraud detection.
I won’t be able to stop it, but I might be able to block it if I can determine how they’re getting in.
Does anyone have any ideas?
With thanks,
See main botting gripe threads
For anyone dealing with this have you established if the bots are :
actually interacting with the page, triggering analytics events etc
loading the frontend, but using the ajax api to actually interact with the cart
or possibly newer abusing the new system for the MCP storefront api which also has cart functionality etc ( lets LLMs like chatgpt access store data on the frontend)
Mimics common browser user agents and request headers, appearing identical to real users> - Reaches storefront pa…
Over the last few weeks, I’ve had a massive influx of bots with similar names and addresses adding low price products to carts and then abandoning them. I’ve spoken with Shopify support regarding this issue and all they could tell me was to “install bot protection apps” and to turn on re-captcha. Neither has worked.
Almost all the emails are a name with three numbers after (ex. allen690@yahoo.com ) and the address is typically empty or is:
House Number 43, Gray Colony
Bellevue Washington 98006 …
Or any of the other ones with search to avoid going it alone Search results for 'bots' - Shopify Community Search results for 'botting' - Shopify Community
Thanks to both @Cherry1 and @PaulNewton for ideas to pursue.
MUCH appreciated.
-Lee
1 Like
I have set something up that prevents the issue from getting out of hand. It’s not perfect but it will suffice for now.
Could you share for future merchants.
I have decided to use a Flow to identify spam email and spam addresses, and tagging them so that they are sent to Klaviyo to be supressed and later deleted. It doesn’t prevent the attempts, but it does keep my customer list clean.
1 Like
A good and free solution here:
Since May, I’ve been faced with bot attacks testing credit cards and abandoning carts, hundreds, sometimes thousands of times per day. Sometimes the orders go through and I have to cancel the fraudulent order.
The free solution: Change the checkout from one-page to three-page. One page is the “recommended” choice, but if that means thousands of bots, I’ll gladly go back to three-page, even if that means conversions could be reduced. I guess it’s a lot like double opt-in on mailing lists to weed…
