Consistent number of accounts joining and starting checkout out but appear to be fake

  • 28 February 2024
  • 2 replies

  • Contributor I
  • 1 reply

Hey all,  It appears that I am getting about 20 fake accounts a day that is creating an account, start checkout, and stop.  They don’t buy anything and don’t appear to be adding anyting to their cart.  The email address appears to be valid, but the name is all scrambled (such as: 9ZgQlbaPESI VxXHfzona). 

There doesn’t appear to be any rhyme or reason as to the time on when this happens. I get about 3 signups every 2 hrs. everyday, and I can’t seem to stop it.   Any suggestions on how to exclude these customers in the new customer signup flow and abandoned cart flow??   Here is a screen shot of their activity.  




Best answer by retention 29 February 2024, 01:13

View original

2 replies

Userlevel 7
Badge +57

Hi @Ken, first, welcome to the community!

I’m sorry you’re getting all these fake accounts and activity. Unfortunately, the internet is vast and there are plenty of bad and malicious actors out there.  Most of these are bot driven scripts that scan the internet for vulnerabilities and attack vectors and do this randomly across the web.

If the account creation or bot activity doesn’t stop, the best way I’ve addressed this the following:

  • Make sure all your Signup Forms and Embedded Forms have a Source value.  That way you can at least identify from which Signup Form these accounts are being created.  Are they subscribing from a specific Klaviyo Form, form your Ecommerce Platform, or elsewhere? 
  • If it’s isolate to a specific Signup Form (or Source), then you can try to temporarily disable that Signup Form.  You can try replacing it with another Signup Form by simply duplicating it and replacing it.  My experience is that these bots “remember” the form and reattempt the same form periodically.  Changing out the Signup Form changes the underlying Form ID and other aspects of the Form that may “break their bot script”
  • Next, if the volume is extremely high or unmanagemable, then temporarily enable “Double Optin” for the List that they are Subscribing to.  Granted, this is an extra step for your real end users, but it may foil the bots from confirming the subscription and getting into your List (and system).
  • Since you mentioned the repeat “Started Checkout” event, it sounds like they are attempting to make purchases with their scripts.  I learned from talking to IT Security Pros in the past that the reason they are doing this is to find an online store to verify if their stolen credit cards are valid (or not). Depending on your ecommerce platform, you may want to enable more forensic or security checks or use third party tools to combat this if it doesn’t stop.  If you’re on Shopify, you can enable the “Bot Protection Feature” here: Protecting your store from bots
  • Finally, if you have developer or technical resources, you can also try replacing any Signup Forms with a custom Signup Form with Google’s reCAPTCHA or other bot prevention tools temporarily.  Yes, this will impact your conversion rate because nobody likes looking for all the pictures of Traffic Lights or Motorcycles when they sign up.  But keep it on long enough to dissuade the bots from returning then you can go back to a standard Signup Form.

Hope these steps help!



Thank you so much for your suggestions.  These appear to be coming from my ecommerce platform I will have to do some more investigation.   In the mean time, I am working on building a segment to exclude these “customers” from my welcome email flow to help with my bounce rate or spam complaints.