Determining which referred purchases are acceptable or fraudulent often depends on your store's policies and how you run your referral program. ReferralCandy protects your program automatically: some referrals are blocked outright, and others are flagged for you to review. This article explains how that works — and how to investigate a flagged referral before you decide.
How ReferralCandy detects fraud
ReferralCandy checks every referred purchase and handles it in one of two ways, depending on what it finds.
Referrals blocked automatically
Some referrals are rejected outright. These are never counted, never appear in Fraud Center, and never earn a reward — you don't need to do anything about them. A referral is blocked when:
The referred friend is already an existing customer. Only first-time customers can be referred — repeat customers aren't counted as referrals.
The referral is a clear self-referral. If the referred friend's details exactly match the advocate's — the same name, the same email address, or the advocate's own referral code — the purchase isn't treated as a referral.
The friend was already referred by someone else. A customer can only be referred once.
Referrals flagged as suspicious
Other referrals aren't blocked, but show patterns that might point to fraud. ReferralCandy flags these as suspicious and notifies you so you can review them. These are automatic threshold checks — a flag simply means a referral crossed one of these lines, nothing more. A referral is flagged as suspicious when:
The advocate and the referred friend have similar — but not identical — names or email addresses.
More than 3 referred purchases come from the same IP address.
An advocate generates a high volume of referrals in a short time — for example, more than 5 referrals within a week.
A "suspicious" flag is a heads-up, not a verdict. It doesn't mean ReferralCandy has decided the referral is fraudulent — only that a pattern is worth your attention. ReferralCandy never disqualifies a referral or withholds a reward on its own; the decision is always yours. To give you time to review, the purchase review period for a suspicious referral is automatically extended to 14 days (if your review period is already longer than 14 days, it stays the same). Learn more about the review period for Shopify and other platforms.
Keeping an eye on suspicious activity
ReferralCandy surfaces suspicious activity in a few places:
On the ReferralCandy home page, the Suspicious customers card notifies you when there are suspicious referrals that need your attention. Click Review customers and note the deadlines — if the review period lapses before you act, the advocate is rewarded, and once rewarded the referred purchase can't be disqualified or voided.
A weekly suspicious-activity report is sent to your admin email address. Learn more about the admin email for Shopify and other platforms.
Periodically spot-check your top referrers for unusually high referral counts:
Shopify merchants: Go to Apps > ReferralCandy > Referral campaigns > Reports tab. The Top Referrers section ranks the top twenty advocates by successful referrals within your selected date range.
Non-Shopify merchants: On the ReferralCandy Home page, the Top advocates card ranks advocates by total referrals within the date range you set.
If an advocate stands out, it's worth checking whether they're an influencer who shares their referral link with an audience.
How to investigate a suspicious referral
A suspicious flag tells you a referral is worth a closer look — it doesn't tell you whether it's genuinely fraudulent. Work through these checks before you decide:
Review the Fraud Center entry. Open the entry (see Fraud Center below) and look at the referred friends — their names, emails, and purchase details. Are they clearly different people, or do they look patterned (similar names or emails, repeated details)?
Confirm they're genuine new customers. Only first-time customers can be referred. A burst of referrals from genuinely new buyers looks very different from one that isn't.
Check whether the link or code has been shared publicly. Search the web for the advocate's referral link or friend offer code. An advocate posting it on a blog, on social media, or on a coupon or deal site can generate a lot of volume quickly.
Ask the advocate directly. Email the advocate and ask how they've been sharing their link. Influencers, bloggers, and advocates with large followings often produce high — and completely legitimate — referral volume. Their answer is usually the fastest way to settle it.
Once you've reviewed, take action using the options in the Fraud Center entry. Whether an activity like posting a code on a coupon site counts as fraud is up to you — it depends on your own referral program's terms. We recommend setting out clearly, in your program's terms and conditions, what your team considers acceptable and unacceptable.
Fraud Center
Fraud Center is where you manage suspicious customers detected by the system and view your account's fraud history.
To review and manage suspicious purchases, go to your Fraud Center page:
From the ReferralCandy dashboard, go to My Store > Fraud Center.
From your Shopify admin, go to Fraud Center.
On the Fraud Center page, you'll see a list of the suspicious referral activities detected by the system.
Click each entry to review. Here you can view the customer's profile, their referral history, and the reason the system flagged them as suspicious.
Use the information on the page to decide what action to take.
For referrals flagged as possible self-referrals, you can disqualify or delete the purchase, ban the advocate, or do nothing (the advocate is rewarded when the review period ends).
For other types of suspicious referrals, the Is the advocate's referral activity fraudulent? box gives you three options:
Yes, it's fraud - Provides options to ban the advocate, and disqualify or delete the referred purchase.
Note: Deleting or disqualifying referrals makes the purchases non-rewardable and not commission-chargeable.
It's not fraud - Provides an option to mark the advocate as trusted. Trusted advocates are excluded from suspicious referral detection.
I'm not sure - Lets you reach out to us for help.
Do nothing, and the advocate is rewarded when the review period ends.
Note: Banning a contact is irreversible. Once an advocate is banned, they won't be able to refer friends and their pending rewards are disqualified. Learn more about banning contacts on Shopify and other platforms.
ReferralCandy's automatic checks catch common patterns, but can't detect every form of fraud — reviewing flagged referrals yourself remains your best safeguard. If you've reviewed a case and still can't tell, choose I'm not sure in the Fraud Center entry and let us know — we can help investigate further.
Fraud Center FAQ
Does a "suspicious" flag mean the referral is fraudulent?
Does a "suspicious" flag mean the referral is fraudulent?
No. A suspicious flag means the referral matched a pattern worth reviewing — for example, a high volume of referrals in a short time. It is not a determination of fraud. ReferralCandy never disqualifies a referral or withholds a reward on its own; you review the flagged referral and decide. See How to investigate a suspicious referral above.
What happens if I ignore suspicious referrals in Fraud Center?
What happens if I ignore suspicious referrals in Fraud Center?
If you don't take action, referred purchases that were tagged as suspicious will be considered legitimate, and the advocate gets rewarded when the review period is over.
Why can't I see the "Is the advocate's referral activity fraudulent?" box?
Why can't I see the "Is the advocate's referral activity fraudulent?" box?
If you don't see the Is the advocate's referral activity fraudulent? box and its options, it means the suspicious referred purchase is identified as a possible self-referral.
My customer's order is not a fraudulent order. How can I ensure that they will receive their reward?
My customer's order is not a fraudulent order. How can I ensure that they will receive their reward?
The Fraud Center sends alerts only for identified suspicious referrals, but ReferralCandy does not take action on those purchases. If you determine that a purchase is legitimate, you can ignore the fraud alert. The advocate will be rewarded as usual after the review period ends, provided that the purchase meets the reward conditions.
If you want to prevent ReferralCandy from tagging a customer's referrals as suspicious in the future, select the It's not fraud option to mark the advocate as a trusted contact. Note that this option is not available for self-referrals.