How To: Deal with fraudulent orders placed via my website

Having a problem with fraudulent orders being placed on your website, with the common identifier between all the orders being they originate from email addresses in the same domain (e.g. "unsafe-mail.net")?

One approach to tracking such orders is to run a Data Query, looking for any orders where either the main or contact email addresses match the fraudulent domain (this should be run each day after importing orders from your website).


WARNING icon
Data Query is an Advanced User feature.

Here is a sample that you can base your query on (this one lists Sales Orders taken today where either the main customer email address or the contact email address are in the unsafe-mail.net domain:

SELECT so.sorder_code, iv.invoice_code, so.date_created
 FROM sorder AS so
INNER JOIN invoice AS iv on so.sorder_id = iv.sorder_id
INNER JOIN company AS cu on so.company_id = cu.company_id
INNER JOIN contact AS co on cu.company_id = co.company_id
INNER JOIN address AS ad on cu.company_id = ad.company_id
WHERE so.date_created > getdate()-1
 AND (
 ad.email LIKE '%unsafe-mail.net'
 OR co.email LIKE '%unsafe-mail.net'
 )
/************************************************************
 List Sales Orders created today that have an email address
 in the unsafe-mail.net domain associated with them.

 This data query is provided as a teaching aid and is not
 covered by your support agreement

 11-Oct-2007 Created (MDC)
************************************************************/

ScrDataQuery.jpg

See Also


Did you find this article helpful?