Callback
  • From a market stall to a store

  • -

  • From a store to a retail chain

  • -

  • From retail to manufacturing

Fraudulent and fake orders: how to detect and how to counter

Olena Kovalenko
Olena Kovalenko

Accounting and Automation Systems Specialist. Editor.

What are fake orders and how much do they cost a store

A fake order is a request that a person or a bot leaves without the intention to buy the product. Some of these orders are accidents or technical glitches, while others are tools used by scammers and unscrupulous competitors. In this article, we break down who creates invalid orders and why, by what signs they can be recognized, and how to build a filter that screens out fakes without losing real buyers.

Brief algorithm for a suspicious orderDo not ship the product. Call back the provided number. Check the buyer in the customer database by phone number. If a "payment receipt" was sent — verify the receipt in your banking app, and check the receipt code on check.gov.ua. Do not click on links or open files from the "buyer".

Why fake orders are direct expenses

Every invalid order costs money: the manager's time for processing, calls, reserving goods, and when shipping via cash on delivery (COD) — shipping both ways at the seller's expense. When fake requests come en masse, real buyers suffer: their orders are processed slower, and the store's rating on marketplaces drops due to cancellations.

The general background is also not in the seller's favor. According to a Rakuten Viber survey, 62% of Ukrainians have faced cyber fraud or phone scams. According to published data, in 2025, about 256 thousand fraudulent payment card transactions were recorded, with losses of 1.4 billion hryvnias. Schemes honed on private sellers are applied to online stores as well.

Who creates fake orders and why

SourceGoalTypical sign
Bots and view-botting in ad networks Earning on cost-per-action (CPA) payouts Series of similar requests from one channel in a short time
Unscrupulous competitors Overload managers, ruin the rating A wave of orders, other people's phone numbers in requests
Scammers with fake receipts Get the product without payment A screenshot or receipt "of payment" and pressure on urgency
Fraudsters with stolen data Turn someone else's card into merchandise The number owner does not know about the order
Phishers posing as buyers Lure out payment details or infect the computer Links "to receive payment", files in a messenger
Random requests and pranks No purpose: children, auto-filling forms, testing Invalid number, nonsensical data, silence on the call

It is also worth keeping in mind technical glitches in payment systems: a payment may look fake due to a processing delay. Therefore, the first reaction to a strange order is verification, and only then drawing conclusions.

Main schemes and how they work

Fake payment receipt

The "buyer" places an order, sends a screenshot of the transfer or a full-fledged electronic receipt, and asks to send the product immediately. The problem is that it is almost impossible to visually distinguish a real receipt from a fake one: having one authentic copy, the scammer produces any number of fakes with an arbitrary amount, date, and stamp.

Verification is done in two steps. The first and main one is checking your own account balance: open your bank's app and make sure the money actually arrived. The second is the government service check.gov.ua: select the bank or payment service from which the payment was allegedly made, and enter the 16-digit receipt code. The service will show the date, amount, and purpose of the payment. Keep in mind the limitation: only a portion of banks and payment services are connected to the service, so the absence of a receipt in the database proves nothing by itself, but a discrepancy in the data proves it's a forgery.

Shipping ruleThe product is shipped after the funds are credited to the account. Screenshots, receipts, "money is already on the way", and "reserved by the service" are not proof of payment. In doubtful cases, the fact of the transaction is confirmed or denied by your bank.

Orders with stolen data

The fraudster makes a purchase in someone else's name, with someone else's phone number, or pays with a stolen card. The owner of the data finds out about "their" order from the store manager or from a bank statement. For the store, this is a double risk: loss of the product and subsequent dispute of the payment by the legal cardholder. A mandatory confirmation call before shipping screens out most of these cases: a person who ordered nothing will say so immediately.

Phishing in correspondence with the "buyer"

The goal of such an "order" is the contact with the seller itself. In the summer of 2026, specialists from the BRAMA project recorded a scheme in which the "buyer" reports payment via "OLX Delivery" and sends a link to a fake page "to receive funds", where the seller is tricked into revealing card details along with SMS codes. Another option is a "receipt" or "order list" file containing malware.

The rules are simple: correspondence is conducted in official marketplace chats, links from buyers are not opened, and card details to "receive money" are not entered anywhere. Files from strangers must not be opened on the computer running the accounting program and storing the database: one such "receipt" can launch ransomware. Read more about protecting store computers in the article about information security.

Competitor attack and mass empty orders

A wave of identical requests overloads managers and ruins the store's metrics on marketplaces: canceled orders lower the rating. Bots, other people's phone numbers from open sources, and auto-filled forms from ads are used. E-commerce platforms advise analyzing the channels of request origin: if a surge in fakes comes from a specific ad campaign or affiliate network, the problem is solved at the ad settings level, and no amount of calling will help here. CAPTCHA screens out bots but is powerless against real people leaving requests intentionally.

Non-pickup as a separate scheme

A COD order without the intention to pick it up is the most expensive type of fake for the seller: round-trip shipping is paid out of the store's pocket. Market practice shows that a minimum prepayment screens out most of these requests. Schemes surrounding delivery and COD are covered in a separate article — about cash on delivery fraud: recipient substitution, serial non-pickups, returns with substituted goods.

Signs of a fake order

  • a series of identical orders in a short period of time, especially from one advertising channel;
  • nonsensical or incomplete data: fake names, random sets of letters, post office branch #1 everywhere;
  • invalid phone number, or the person doesn't pick up and doesn't reply to messages;
  • the number owner says they ordered nothing;
  • several orders with different names but the same phone number or delivery branch;
  • pressure for urgency and "payment" by screenshot instead of credited funds;
  • requests to click a link or open a file "for confirmation".

Typical seller mistakes

  • Shipping the product based on a payment screenshot, without verifying the funds were credited.
  • Lack of order confirmation via a call, especially for new buyers and expensive items.
  • Working without a customer database: every order is processed as if from a stranger, non-pickup history is not accumulated.
  • Identical conditions for everyone: a verified regular customer and an anonymous person with a new number get COD without prepayment.
  • Corresponding with "buyers" and opening their files on the computer running the accounting program.
  • Punishing the manager for missing a fake: after this, employees hide incidents, and the owner loses the big picture.

What to do with a suspicious order

  1. Stop the shipment. The reserved product won't go anywhere in an hour of checking.
  2. Call the buyer. A conversation resolves most questions: a real buyer confirms the details, a victim of data theft finds out about the problem, a fake doesn't answer. For more on proper conversations with buyers, see the separate article.
  3. Verify payment: account balance in the bank app, receipt code on check.gov.ua.
  4. Check the buyer in the database: order history, non-pickups, manager notes.
  5. Record the result. Mark a confirmed fake in the database, save the correspondence and request data.
  6. In case of an attempt to lure out money or data — report it to the Cyberpolice via cyberpolice.gov.ua. Losses above the threshold for petty theft (in 2026 — 3,328 hryvnias) are grounds for criminal proceedings under Article 190 of the Criminal Code of Ukraine.

What you must not do: ship the product "on trust" due to pressure for urgency, click links from the buyer, open sent files, share card details and SMS codes.

Prevention: a four-level order filter

Level 1. Technical site protection

CAPTCHA on the order form screens out bots. SMS number confirmation during checkout significantly reduces the number of fakes, although it adds costs for messages. Channel analytics show where empty requests come from and allow you to disable the problematic traffic source.

Level 2. Payment rules

Minimum prepayment for new buyers and for orders above a certain threshold. A symbolic amount of 50-100 hryvnias won't stop a real customer but makes a fake unprofitable. Shipping — only after funds are actually credited. For organizing prepayments without losing customers — see the separate material.

Level 3. Confirmation and customer database

A confirmation call for new buyers and expensive orders. Every recipient is entered into a database with a history: who picked up, who refused, who there was a conflict with. In a few months, the database itself answers the question of who can be shipped to via COD without prepayment.

Level 4. Employee discipline

Managers know the verification algorithm and have the right to stop shipping without the owner's approval. Every identified fake is reported to the owner or administrator. The computer with the accounting program is not used for chatting with buyers and opening third-party files.

Limits of Torgsoft's assistance

Torgsoft provides the manager with facts for decision-making: orders from the site enter the program through the Synchronization with online store option, the customer card shows order history, mutual settlements, and notes, payment exists only as a posted document, and the function of creating a customer by Nova Poshta waybill number accumulates a recipient database without manual work. The program cannot determine the buyer's intent: the decision to ship is made by a human, based on accounting data and store rules.

Distribution of responsibility

MeasureResponsibleFrequency
Rules for verifying orders and payments Owner: approves; managers: execute Review every six months
Confirmation calls, database notes Order processing manager Every new or suspicious order
CAPTCHA, SMS confirmation, site forms Site support contractor One-time setup, quarterly check
Traffic channel analysis for empty requests Owner or marketer Monthly and during surges of fakes
Reports to Cyberpolice in fraud attempts Owner Upon an incident

Owner's checklist

  • Approved written rules: when an order is confirmed by a call, when prepayment is required.
  • Product is shipped only after funds are credited to the account.
  • Managers know how to verify receipts via the bank app and check.gov.ua.
  • CAPTCHA or SMS number confirmation works on the order form.
  • Every buyer is recorded in the customer database, non-pickups and fakes are marked in notes.
  • A minimum prepayment applies to new clients and expensive orders.
  • Traffic channels are checked for surges in empty requests monthly.
  • Correspondence with buyers is not conducted from the computer running the accounting program.
  • Managers report fakes without fear of punishment.
  • Attempts to lure out money or data are reported to the Cyberpolice.