Hello! We have an ongoing (and potentially fraudulent) problem with online constituents being created with gibberish names and bogus addresses. AND there are never any orders associated with the new accounts. I cannot figure out the purpose, if this is a preemptive attempt at setting up fraudulent order, and are they BOT created. I run a New Record Summary report everyday, and everyday go through the list of new online accounts that were created the day before. The bogus accounts are pretty easy to spot, but sometimes number in the teens or twenties each day. I then go into each account and deactivate them, which can be quite laborious. Does anyone else have this issue and do you have any other way of dealing with them. More often than not, they have emails with the word stellard in the address. I have an ongoing ticket trying to find a pattern that might help create some preventative measures in keeping these accounts from being created. Any shared experiences are welcome.
Michael,
We are TNEW and use Recaptcha. We are also seeing accounts created with the word "stellard" in the email address. I have also noticed that the constituent numbers are often back to back, 5 or 6 accounts in a row which makes me suspicious that they are bots. Not much more to add but I thought it was interesting to hear that "stellard" is showing up in yours as well.
Eve Stavropoulos said: We are also seeing accounts created with the word "stellard" in the email address.
Interestingly, I am finding these, too, with "stallardl@gmail.com" being a common denominator:
No transactions, no interaction at all, just a junk constituent and garbage e-mail. Odd. I delete these as I find them.
Exactly. I'm doing manual inactivations at the moment and I'm also noticing some similar/sometimes the same phone number on them as well. Once I move through this round of inactivations, I'll do a duplicate phone search and see what comes up
Been following this thread out of interest, but we are not seeing any of this. Not a single "stallard" e-mail in our database outside of the four patrons who actually legitimately have that name. And in fact, the number of fake/bad accounts we have had created over the last few years has been exceedingly few.
In case it matters, TNEW on RAMP, no AVS and no reCAPTCHA. Also, pretty sure I asked for them to step up the anti-Bot activity for us from get go, whatever level of stuff that Nic mentioned below that ends up being. That said, I also DO have custom JavaScript on our account creation pages that auto-disables the "Create Account" button until they tick an additional box that I have entered there that says "Agree to Terms" at which point the patron is then able to create the account. Not sure how that might or might not affect bot/fake account activity (maybe these people just do not like my organization as much as they like yours), but I figured I would just throw that out there just in case it is useful as a counterpoint.
Best of luck to those dealing with this!
John A. Moskal II said: I also DO have custom JavaScript on our account creation pages that auto-disables the "Create Account" button until they tick an additional box that I have entered there that says "Agree to Terms" at which point the patron is then able to create the account.
That may be all it takes to deter most of these script kiddie type bot accounts.
If so then yay me. I initially thought it was overboard when I was first asked to do that, but we had gotten a new CEO who is a former trial lawyer and who said if we want to even pretend our Privacy Policy and Terms of Use held any kind of legal statute that we should really do this for people who create accounts, regardless of anything else (not sure that was correct, but he wanted to be over-cautious). And, seeing as I am not sure I have ever heard a single complaint about it; I guess no one out there really objects to it. So our lawyer CEO is happy and, one way or another, we are not getting a lot of bot accounts created. I can live with that.
Never mind. I must retract my success. It was pointed out to me by Katie Lachance-Duffy that I searched "stallard" and not "stellard", having misread the thread and then continued that error in my own post.
Looks like we also have 8 of the "stellard" accounts, all very much fake looking. It looks like the frequency for us is approximately 2 per month with the last one coming in around the start of May. So definitely not in the teens and twenties per day as mentioned by the original poster here, but still present.
Ugh, John A. Moskal II, I'm sorry you're seeing this too!