Scammers accessing customer account logins

Topic summary

Main issue: Suspicious activity around customer accounts on a site with customer accounts disabled. Initially, the poster believed scammers were accessing the login page directly and triggering password resets, then appearing as fake “customers” with emails containing the site’s domain.

Update/clarification: After reviewing a Hotjar session recording (user behavior video) and testing, they found that with customer accounts disabled, any attempt to submit customer info redirects to the home page. The most recent event was actually a newsletter subscription, not a customer login.

Key details:

  • “Customer accounts disabled” = account login endpoints are inactive and redirect.
  • “Newsletter subscribe” = email sign-up form that can still accept entries.
  • Hotjar video link provided and central to the observed behavior.

Current status: No confirmed account logins. The concern shifts to fake newsletter sign-ups populating the customer list.

Open questions: How to prevent access to login endpoints and block or filter fake newsletter sign-ups. No concrete solution yet beyond manual monitoring of sign-ups.

Summarized with AI on February 27. AI used: gpt-5.

I have my site set to disable customer accounts, but scammers are logging in by entering the relevant page path. Then they enter an email for resetting password. (Hotjar video here: https://insights.hotjar.com/r?site=2593314&recording=8216491209&startTime=0&token=6abf176c1901a46565c7a3db9b8937d3)

I believe the end game is to insert themselves into my customer list because I’ve found some “customers” who aren’t really customers or email subscribers, and they always have my domain name included somewhere in their email address.

Is there a way I can prevent people from accessing the customer login?

I realized after watching the video again and trying it myself that what’s actually happening with customer accounts disabled is that trying to submit customer info bounces the person to the home page. So this last one was actually a newsletter subscribe. Not sure how to fix that aside from checking sign-ups on a regular basis.
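The only concrete signal the poster has for a fake sign-up is the one stated above: the address contains the shop's own domain name somewhere in it. The script below is an added example (not code from the original post, and not a Shopify feature) that turns that manual check into a repeatable triage pass over an exported subscriber list. The shop domain `example-shop.com`, the `KNOWN_MAILBOXES` allow-list and the sample addresses are all assumptions constructed for the example; point it at a real CSV export to use it.

```python
"""Triage newsletter sign-ups for the pattern described in the post: the
shop's own domain name appears somewhere inside the subscriber's address.

Added example, not the original poster's code. The domain, the allow-list
and the sample data are placeholders constructed for illustration.
"""
import re
from dataclasses import dataclass

# Assumption: stand-in for the poster's real shop domain.
SHOP_DOMAIN = "example-shop.com"

# Assumption: mailboxes that legitimately live on the shop's own domain
# (staff, test accounts). Anything else "from" the shop domain is spoofed.
KNOWN_MAILBOXES = frozenset({"owner", "support"})

# Constructed sample export; not real subscriber data.
SAMPLE_SIGNUPS = [
    "jane.doe@gmail.com",
    "example-shop.com.support@gmail.com",   # domain smuggled into local part
    "billing@example-shop.com",             # pretends to be the shop itself
    "support@example-shop.com",             # allow-listed staff mailbox
    "bob@mail.example-shop.com.evil.net",   # domain embedded in a foreign host
    "not-an-email",                         # malformed entry
    "sam@outlook.com",
]

# Deliberately loose syntax check: one "@", something on both sides, a dot in
# the host part. Stricter RFC parsing is not the point here.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


@dataclass
class Finding:
    email: str
    reasons: list[str]


def check_signup(email: str, shop_domain: str = SHOP_DOMAIN,
                 known_mailboxes: frozenset = KNOWN_MAILBOXES) -> list[str]:
    """Return the list of reasons an address looks like a fake sign-up.

    An empty list means nothing matched the poster's heuristic.
    """
    reasons: list[str] = []
    addr = email.strip().lower()
    domain = shop_domain.lower()

    if not EMAIL_RE.match(addr):
        # Cannot split a malformed entry meaningfully; flag it and stop.
        return ["malformed address"]

    local, _, host = addr.rpartition("@")

    if domain in local:
        reasons.append("shop domain in local part")

    if host == domain:
        if local not in known_mailboxes:
            reasons.append("claims to be the shop's own domain")
    elif domain in host:
        # e.g. mail.example-shop.com.evil.net: looks like a subdomain at a
        # glance but the registrable domain is someone else's.
        reasons.append("shop domain embedded in a foreign host")

    return reasons


def triage(signups: list[str], shop_domain: str = SHOP_DOMAIN,
           known_mailboxes: frozenset = KNOWN_MAILBOXES) -> list[Finding]:
    """Run check_signup over a list of addresses and keep only the hits."""
    findings = []
    for email in signups:
        reasons = check_signup(email, shop_domain, known_mailboxes)
        if reasons:
            findings.append(Finding(email, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_SIGNUPS):
        print(f"{f.email}: {', '.join(f.reasons)}")
```

Run it against the exported subscriber list on the schedule the poster already uses for manual review; the `triage` output is the short list worth looking at, and the allow-list keeps staff addresses from showing up every time. The heuristic is only as good as the observation behind it, so an address that passes is not proven genuine; it just does not match the pattern seen so far.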