Fraudulent online accounts being created through TNEW with no orders.

Hello! We have an ongoing (and potentially fraudulent) problem with online constituents being created with gibberish names and bogus addresses. AND there are never any orders associated with the new accounts. I cannot figure out the purpose, whether this is a preemptive attempt at setting up fraudulent orders, or whether they are BOT created. I run a New Record Summary report every day, and every day go through the list of new online accounts that were created the day before. The bogus accounts are pretty easy to spot, but sometimes number in the teens or twenties each day. I then go into each account and deactivate them, which can be quite laborious. Does anyone else have this issue, and do you have any other way of dealing with them? More often than not, they have emails with the word stellard in the address. I have an ongoing ticket trying to find a pattern that might help create some preventative measures in keeping these accounts from being created. Any shared experiences are welcome.

  • I just searched for these types of accounts. We have less than 300, created over the last calendar year.  Not very substantial, but kind of annoying. The one consistency I can see in reviewing the traffic request headers is that the initial request always seems to have this referrer/referrer domain:

    I added a rule to our WAF to block traffic with that referrer in the headers.  You can probably create a similar rule in your WAF and it should blunt the traffic. I'm not sure if it will hold up, but it is a good place to start.

  • Hi Patrick.

    Was adding the rule to your WAF something that you needed Tessitura support for, or were you somehow able to do it yourself? Does Tessitura control the firewall settings?  Michael

  • Hello Michael.  For members on TNEW, our Imperva WAF would be where we set header rules.  Our security team is already monitoring abnormal traffic and adding rules as patterns emerge, but we have seen these headers shift frequently, so this sort of thing has not proven to be effective in our experience in the long term for this particular issue.  I will be posting here in greater detail to the larger thread shortly with a more fulsome update on this problem, but I wanted to respond here to this specific piece!
