I'm having trouble with fake orders!

  • 16 May 2024
  • 5 replies


It seems a bot is filling out my sign-up form and then randomly placing orders for various items in my shop, as shown in the image below.

Has anyone else encountered this issue? If so, how did you stop it?




Best answer by bluesnapper 17 May 2024, 09:01

View original

5 replies

Badge +1

Hi @Bandit - are they actually placing orders or just starting checkout?


A number of my clients have had the same issue with bot sign ups, so we have implemented reCAPTCHA on their Shopify store (link below) and also made our Klaviyo lists double opt in.

Info on bot list bombing:


Turn on reCAPTCHA in Shopify:


Additional tip: if you did have bot signups to your list, a common pattern is the emails will contain a + sign. Create a segment with the following rule: 

Properties about someone - email contains: +

Then you can delete all members of this segment to keep your account clean. Info on how to delete members of a segment here:





Thanks for your comment.

Only checkouts attempts so so far.

Recapcha is active for shopify but as you know Klavyio does not have this option and double opt in is active.

I can activate the filter you describe for bots but this does not stop them from doing the above.

In my case a bot has subscribed with a “legitimate” name. 

I suspect the bot might be testing stolen credit card details?

Any thoughts on this?

Userlevel 7
Badge +39

Hi @Bandit 

@danielmonty makes great suggestions regarding reCaptcha, double opt-in, and the spam segment.

It’s also worth mentioning “John Smith” checkouts. These are initiated by a Google bot, though it may use other names. A typical email address is johnsmith001@... etc. and I’ve seen the domain as as well as

Google uses this bot to ensure that prices reflected on the product page are consistent with any ads, feeds, and during checkout.




Thank you Bluesnapper, this is indeed valuable information to keep in mind. 

Johnsmith is something I was not aware of. 👈👍

I noticed one of the users mentioned to delete the spam bots, I think it is more efficient to suppress these accounts. Deleting the accounts from the list still gives the bots from the original email address a chance to resubscribe and enter the list at a later point. I created a segment using the unengaged segment method, exported the csv. I had a list of a bout 250 email address. many of which contained the “+” character as mentioned. I isolated these from the email addresses that was actually customers by deleting the real customers from the list and reimported the csv back into klaviyo. once i reimported the list it was about 120 bot accounts i manually suppressed the whole list. this is my workaround for bot accounts. I will do this every 30 days or so to clean my list and improve deliverability.