SOLVED

Spam form fills, honeypot empty, different inferred locations

Go to solution
Milena_Volkova
Level 2

Spam form fills, honeypot empty, different inferred locations

Hi smart community members, can someone possibly help me? We are getting an influx of Contact Sales form submissions with fake data. They all have different company names, person names, countries. Emails are made-up, not known domains like gmail etc. Honeypot field for them is empty, they are all submitted within minutes of each other (not a the same exact time) and inferred city/country/company are different, even though it feels like the same person/people did it. 

 

Does anyone have a suggestion on what else I should check for and try? 

 

If this is not a bot, then reCaptcha will not help. What might they (whoever they are) be trying to do?

 

Thank you in advance

1 ACCEPTED SOLUTION

Accepted Solutions
Darshil_Shah1
Level 10 - Community Advisor

Re: Spam form fills, honeypot empty, different inferred locations

While if someone is deliberately making these spam form submissions, then as you said CAPTCHA won't work. They are probably using s VPN to establish a remote connection to servers located multiple geos hence you’re seeing different inferred data. Real humans don't use JS to submit forms. While this definitely is a curve ball but off the top of my head you could try the following:

 

-> Before processing people to the subsequent flows in your system, consider parking them in a list and deleting spam-like people directly from the system on a regular basis (ideally, daily or more frequently as you'd probably have an SLA for reaching back to people who fill Contact Sales form). You would want to update your lead management flows that trigger on person creation to not fire until you approve people from the list and deem them as valid and genuine people. You should do this at least till the time you're seeing a high influx of those non-programmatically-submitted-spam form submissions.

 

-> You could also automate the validation using a webhook-compatible service that checks and returns whether the person information is genuine, but you'd need to ensure that this meets data processing and privacy policies as you'd be sending PII out of Marketo (you could probably mention this in your privacy policy that is linked on your contact us form).

 

I'd love to see what others in the community think of this and whether they have any creative and more robust solutions for dealing with this. Also, Honeypot isn't actually that effective of a solution for catching bot submissions than the CAPTCHA is. Malicious actors could easily get to know about your honeypot requirements and then make the spam form submissions, that you'd think are valid as they all have honeypot field set as non-empty.

View solution in original post

5 REPLIES 5
Darshil_Shah1
Level 10 - Community Advisor

Re: Spam form fills, honeypot empty, different inferred locations

While if someone is deliberately making these spam form submissions, then as you said CAPTCHA won't work. They are probably using s VPN to establish a remote connection to servers located multiple geos hence you’re seeing different inferred data. Real humans don't use JS to submit forms. While this definitely is a curve ball but off the top of my head you could try the following:

 

-> Before processing people to the subsequent flows in your system, consider parking them in a list and deleting spam-like people directly from the system on a regular basis (ideally, daily or more frequently as you'd probably have an SLA for reaching back to people who fill Contact Sales form). You would want to update your lead management flows that trigger on person creation to not fire until you approve people from the list and deem them as valid and genuine people. You should do this at least till the time you're seeing a high influx of those non-programmatically-submitted-spam form submissions.

 

-> You could also automate the validation using a webhook-compatible service that checks and returns whether the person information is genuine, but you'd need to ensure that this meets data processing and privacy policies as you'd be sending PII out of Marketo (you could probably mention this in your privacy policy that is linked on your contact us form).

 

I'd love to see what others in the community think of this and whether they have any creative and more robust solutions for dealing with this. Also, Honeypot isn't actually that effective of a solution for catching bot submissions than the CAPTCHA is. Malicious actors could easily get to know about your honeypot requirements and then make the spam form submissions, that you'd think are valid as they all have honeypot field set as non-empty.

Christiane_Rode
Level 6 - Community Advisor

Re: Spam form fills, honeypot empty, different inferred locations

Can you see anything similar about their inferred information (I know you mentioned a lot that wasn't similar)? If you have city/state/zip on your form, does it match the inferred information? Are they using VPNs to hide who they are? To be clear, VPNs are incredibly common, especially in the remote-work space, so use of them isn't an immediate red flag. But certain consumer VPNs will look fishier than others as they are ones companies clearly won't be using.

 

@Darshil_Shah1's tip on isolating these submissions will be helpful as you work to diagnose and solve.

 

Depending on where this form is housed (Marketo LP or your own website), it might be worth it to touch base with a dev team (if this is outside of your area of expertise or experience) to be able to block certain malicious IPs from being able to submit information via the form.

 

Also, if you haven't already done so, please be sure you evaluate any automations associated with form submissions from this form so you don't accidentally have one of these potentially malicious actors sneak into a critical workflow.

SanfordWhiteman
Level 10 - Community Moderator

Re: Spam form fills, honeypot empty, different inferred locations


Depending on where this form is housed (Marketo LP or your own website), it might be worth it to touch base with a dev team (if this is outside of your area of expertise or experience) to be able to block certain malicious IPs from being able to submit information via the form.

But you can’t use IP rules on a 3rd-party webserver to stop people from submitting Marketo forms to Marketo. The communication is from the client to Marketo.

Milena_Volkova
Level 2

Re: Spam form fills, honeypot empty, different inferred locations

Thank you everybody for your responses. There was not much to glean from analyzing those form submissions. As I said, almost all had different inferred locations and IP addresses, so there is nothing I can do about trying to block them. My guess it was a prankster, not a bot activity.

Darshil_Shah1
Level 10 - Community Advisor

Re: Spam form fills, honeypot empty, different inferred locations

Do consider parking new people for manual review/validation instead of letting people flow through your operational flow unnecessarily as soon as they enter your database if you see a ton of such non-bot-spam form submissions.