How To: Deal with fraudulent orders placed via my website

Page approved.

Having a problem with fraudulent orders being placed on your website, with the common identifier between all the orders being they originate from email addresses in the same domain (e.g. "")?

One approach to tracking such orders is to run a Data Query, looking for any orders where either the main or contact email addresses match the fraudulent domain (this should be run each day after importing orders from your website).

Data Query is an Advanced User feature.

Here is a sample that you can base your query on (this one lists Sales Orders taken today where either the main customer email address or the contact email address are in the domain:

SELECT     so.sorder_code, iv.invoice_code, so.date_created
      FROM sorder AS so
INNER JOIN invoice AS iv on so.sorder_id = iv.sorder_id
INNER JOIN company AS cu on so.company_id = cu.company_id
INNER JOIN contact AS co on cu.company_id = co.company_id
INNER JOIN address AS ad on cu.company_id = ad.company_id
WHERE so.date_created > getdate()-1
      AND (
      LIKE ''
            OR LIKE ''
  List Sales Orders created today that have an email address
  in the domain associated with them.

  This data query is provided as a teaching aid and is not
  covered by your support agreement

  11-Oct-2007                                   Created (MDC)


See Also

Visit KhaosWikiX at to see the following:

Contact the Khaos Team