CODfake ordersfraud prevention

COD Competitor Sabotage: How to Stop Fake Bulk Orders

Dashboard showing blocked fake COD orders with fraud detection alerts and order verification controls

A merchant on the Shopify Community forum posted this: "A competitor is placing multiple fake orders to destroy our pixel data. What do we do?" The thread had dozens of replies from merchants dealing with the same problem. Some reported 500+ fake COD orders per day hitting their stores.

Fake COD orders from competitors are one of the most expensive problems in emerging market ecommerce. It's deliberate sabotage — competitors placing bulk fake cash-on-delivery orders to drain your shipping budget, tie up your inventory for weeks, and tank your courier performance scores. In competitive COD markets like India, MENA, and Southeast Asia, it's more common than most merchants realize.

Each fake COD order that ships costs Indian D2C brands ₹180–240 in forward shipping, reverse logistics, and repackaging. At scale, a store processing 10,000 COD orders per month with a 30% return-to-origin rate loses ₹5.4–7.2 lakh monthly on orders that never should have left the warehouse. When a chunk of those returns come from a competitor flooding your store with garbage orders, you're literally funding their advantage.

How Do Fake COD Orders From Competitors Actually Work?

Regular fake orders come from impulse buyers or trolls. Competitor sabotage looks different. Here's what to watch for:

  • Order clustering: 20–50 orders placed within a short window, often during off-peak hours when your team isn't monitoring
  • Recycled details: Slight variations of the same phone number, address, or name — "Rahul Sharma," "R. Sharma," "Rahul S." all going to addresses that don't quite exist
  • Single-SKU targeting: Orders hitting your best-selling product repeatedly, tying up that specific inventory
  • Pixel poisoning: Fake orders that mess with your Facebook or Google ad data, making your campaigns optimize toward non-buyers

On BlackHatWorld — a forum where people openly discuss these tactics — threads describe "automatic fake order creators" that upload customer databases to competitor Shopify stores. Some sellers treat this as a standard competitive move, the same way they'd run negative SEO. It's not. It's fraud. But knowing it exists means you can defend against it.

Set Up OTP or WhatsApp Verification on Every COD Order

This is the single highest-impact, lowest-effort defense. Requiring a one-time password via SMS or WhatsApp before a COD order confirms forces the buyer to prove they own the phone number they entered.

Bots and bulk fake order scripts can fill in random phone numbers. They can't receive and enter an OTP from those numbers. Voice call verification alone has been shown to reduce fake COD orders by 25–40%. For a step-by-step setup walkthrough, see our guide on adding OTP verification to Shopify COD orders.

The tradeoff: you'll add friction to legitimate orders too. Expect a small dip in conversion rate — typically 3–5%. But if you're losing 15–30% of orders to RTO from fake orders, the math is obvious. A 4% conversion dip that eliminates 30% of your RTO is a massive net win.

EasySell includes built-in OTP verification via SMS and WhatsApp directly on the order form — no separate app or third-party integration required.

Rate-Limit Orders by Phone Number and IP Address

Legitimate customers don't place 15 orders in an hour from the same phone number. Competitors using fake order scripts do.

Set hard limits:

  1. Max orders per phone number per day: 2–3 orders is reasonable for most stores. Anyone placing more than that from the same number gets blocked automatically.
  2. Max orders per IP address per hour: Set this based on your normal traffic patterns. If your average customer places one order per visit, flag anything above 3 from the same IP in a 60-minute window.
  3. Max order quantity per SKU: If someone orders 50 units of your best-seller on COD, that's not a customer — that's either a reseller or a saboteur. Cap single-order quantities at a level that makes sense for your products.

These limits won't catch every fake order. But they'll stop the bulk attacks — the ones where a script hammers your store with hundreds of orders in a single session.

Require a Partial Payment to Filter Out Non-Serious Buyers

This is the nuclear option for high-RTO stores, and it works. Instead of full COD (pay nothing upfront, everything on delivery), require a small deposit — ₹50, ₹99, or 10% of the order value.

The logic is simple: a competitor willing to place 500 fake COD orders isn't willing to pay ₹50 on each one. That's ₹25,000 out of pocket just to mess with you. The economics of sabotage collapse when there's real money involved.

Partial payment also filters out impulse buyers who have no intention of accepting delivery. Stores that switch from full COD to partial prepayment consistently report RTO drops of 40–60%.

The risk: some legitimate COD customers will abandon when asked to pay upfront. You'll lose some orders. Test it on your highest-RTO products first before rolling it out store-wide. If a product has 35%+ RTO, adding a ₹50 deposit is almost always worth it. For the full setup process, see our guide on Shopify partial payment setup for COD orders.

Build a Blocklist That Actually Updates Itself

A static blocklist — manually adding phone numbers after each fake order — doesn't scale. By the time you've blocked one number, the saboteur has moved to the next.

Build a dynamic system instead:

  • Auto-block phone numbers that generate RTO orders. If an order ships and comes back undelivered, that phone number gets flagged. Two RTOs from the same number? Auto-blocked.
  • Block by pincode/ZIP. If you're seeing clusters of fake orders from specific postal codes, block COD for those areas temporarily. You can still offer prepaid.
  • Cross-reference new orders against your RTO database before shipping. A phone number that's already caused one failed delivery shouldn't get a second chance on COD.

EasySell's blocklist feature lets you block by phone number, email, or IP address — and you can combine it with order limits to create layered defenses without needing multiple apps.

Monitor the Patterns Before They Become Losses

Competitor sabotage often starts small. Five fake orders on Monday. Ten on Wednesday. Fifty on Friday. By the time you notice, you've already shipped hundreds of orders that will come back as RTO.

Set up daily monitoring for these red flags:

  • RTO rate spikes: If your baseline RTO is 12% and it suddenly jumps to 25%, investigate before shipping more orders
  • New-customer COD concentration: A sudden surge of first-time buyers all choosing COD, all from the same region, is a red flag
  • Order-to-delivery ratio drops: Track how many orders actually get delivered vs. placed. A declining ratio means something is wrong upstream
  • Pixel data anomalies: If your Facebook ad costs spike while ROAS tanks, fake orders may be corrupting your conversion data

Export your COD orders to a spreadsheet daily (or automate it with Google Sheets integration) and look for clustering patterns. Ten minutes of analysis each morning can save you from shipping a batch of fake orders that afternoon.

Layer Your Defenses — No Single Tool Stops Everything

The merchants who consistently beat competitor sabotage don't rely on one tactic. They stack multiple defenses so each layer catches what the previous one missed:

  1. First layer — OTP verification: Stops bots and scripts immediately. Eliminates 60–70% of automated fake orders.
  2. Second layer — rate limiting: Catches anyone trying to place bulk orders from the same device, number, or IP.
  3. Third layer — partial payment: Filters out the remaining non-serious orders by requiring skin in the game.
  4. Fourth layer — dynamic blocklist: Learns from your RTO data and automatically blocks repeat offenders.
  5. Fifth layer — daily monitoring: Catches new attack patterns before they scale.

Each layer alone has gaps. Together, they make your store an expensive, frustrating target — and saboteurs move on to easier prey.

Start with OTP verification today. It takes 10 minutes to set up, costs almost nothing, and handles the majority of automated fake order attacks. Add rate limiting and a blocklist this week. If your RTO is still above 15% after that, test partial payment on your worst-performing products. You don't need to implement everything at once — but you do need to start before the next wave of fake orders hits your shipping budget.