Preventing fake/false submissions with lead capture forms?

Kyle Wyatt
Kyle Wyatt Member Posts: 2
First Anniversary Name Dropper First Comment Photogenic
edited April 2023 in Sales CRM #1

I'm looking for advice or recommendations on how to resolve a problem: We have a WordPress website with a "Contact Form 7" plugin connected to PipeDrive via an API hook. These Contact Form 7 forms exist on nearly every page of our website and act as Lead Capture Forms for our business: People who submit the form become new leads in our PipeDrive Leads Inbox.

This past month we've seen a noticeable spike in fake leads. Not spam necessarily - we have Akismet Anti-Spam running on WordPress. These fake leads are just fake names with fake email addresses and phone numbers. No soliciting messages. No suspicious URLS. Using Outfunnel I can see that they're arriving on our website via Google/Organic search (thankfully not PCP), then clicking on a link, landing on our site, submitting the form, and bouncing off the page. To me, this looks like the work of Mechanical Turks.

Has anyone experienced something similar? Is there any way to stop this from happening without also making it more difficult for legitimate leads to come through? The only solution I'm aware of is to start blocking IPs, but I'm not sure how to view the IP address of a submitted lead. Knowing how to find the IP address would be helpful.

A final note: I don't understand why this is even happening. I wondered if it might be a business competitor. I've heard of people deploying dirty tactics like using MTurks to click on competitors' PCP search ads to soak up their budgets, but since our fakes are coming in via organic search it has no negative financial impact on our business – It's just wasting a little bit of our sales team's time as they vet inbound leads. It's a head-scratcher.

Thanks for any suggestions or insights on this.

Tagged:

Answers

  • Josh Buesking
    Josh Buesking Member Posts: 173
    First Anniversary First Comment First Answer 5 Likes
    edited April 2023 #2

    This is not a pipedrive issue so to speak. Any webform is going to have these issues.

    I use gravity forms in a similar manner with wordpress and activating honeypot has significantly cut down if not all but stopped it.

    Basically it's just a input field that is hidden from humans, the bots still see it and if they fill that input out the form doesn't get sent.

  • Kyle Wyatt
    Kyle Wyatt Member Posts: 2
    First Anniversary Name Dropper First Comment Photogenic

    Thanks Josh. A honeypot would definitely help cut down on spam, but my concern is that these are actual humans, hired through Mechanical Turk. It's just a working theory. We get spam bots on occasion, but they always leave messages that make them easy to spot. These are different. The issue I'm seeing is leads coming in that look like this:

    Name: Joan Dehne

    Phone: ###-###-#### (always outside our market, often not in service)

    Email: joan@dehne.com (sending an email will always result in a bounce-back)

    Business name: Abc

    Message: Abcd

    Source: Google / Organic

  • Josh Buesking
    Josh Buesking Member Posts: 173
    First Anniversary First Comment First Answer 5 Likes

    Nothing you can do to stop actual humans with still letting the ones you want through that I'm aware of.

    I'd also never underestimate the sophistication of bots.

This discussion has been closed.