How to stop spam accounts in Shopify

Hacker or bot attacks can create multiple spam or fake customer accounts in a short time, since account creation can be done via API in Shopify. Unfortunately this type of attack is possible even when Customer Accounts are disabled in Shopify.

Spam accounts can pose a significant threat to your Shopify store, creating security vulnerabilities, skewing data, and hindering customer experience. Fortunately, there is a very simple step you can take to mitigate this issue and safeguard your online business. You'd just need to enable the built-in Shopify spam protection: Google reCAPTCHA challenges. Continue reading for a brief introduction to this feature and how to enable it in the Shopify Admin to prevent fake accounts.

How to stop spam accounts in Shopify

To prevent fake accounts from being created in your shop, just enable the built-in Shopify feature Spam Protection.

• You'll find Spam Protection in Shopify Admin > Online Store > Preferences > Spam Protection.
• Tick the box below to enable the protection on login and registration forms. This should protect you as well of account creation via API and Shopify bot accounts. While you are there, you can also enable the protection on contact and comment forms, with the option above, if you wish. Then Save

‍

Automated Account Creation by Bots and Fake Accounts: which risks is my store exposed to ?

Automated account creation by bots and fake accounts is a growing concern for businesses utilizing online platforms like Shopify. This practice involves malicious actors employing software programs, known as bots, to generate large numbers of illegitimate user accounts. These accounts are often created with the intent to:

• Commit fraudulent activities: Fake accounts can be used to make unauthorized purchases, exploit loyalty programs, or engage in money laundering schemes.
• Manipulate data and reviews: Bots can inflate product ratings, skew marketing data, and spread misinformation.
• Disrupt user experience: Spam accounts can flood forums with irrelevant content, generate unwanted marketing messages, and create a negative online atmosphere.

Identifying and preventing automated account creation is crucial for maintaining the integrity and security of your Shopify store. Implementing robust countermeasures can ensure a legitimate customer base, safeguard your business resources, and foster a positive user experience.

‍

Disabling reCAPTCHA protection on Shopify

Shopify reCaptcha uses risk analysis techniques to distinguish between humans and bots. While reCAPTCHA protection can help to improve the security of your website, it can also be detrimental to the user experience and the registration and login processes in Shopify. Simply because your users may have problems to resolve the challenges.

Once you've successfully addressed the account creation attacks, you can choose to disable the protection if you no longer deem it necessary. To do this, you can either follow the steps outlined in this guide or simply uncheck the box mentioned in the guide above.

‍

Additional measures

If you want to take your security a bit further you can consider using apps that could help you collect additional data from customers. So it's easier for you to filter those that were registered with regular processing.

Froonze's Custom Forms plugin allows you to create custom registration and profile forms and collect additional information from your customers. It also allows setting up alternative registration actions (email verification, or admin approval) that can be used along the reCaptcha protection. Learn more about this plugin and its features here: Custom Forms: collect all data you need from your customers

‍

‍