Determining which referred purchases are acceptable or fraudulent often depends on your store's policies and how you run your referral program. ReferralCandy protects your program automatically: some referrals are blocked outright, and others are flagged for you to review. This article explains how that works — and how to investigate a flagged referral before you decide.
How ReferralCandy detects fraud
ReferralCandy checks every referred purchase and handles it in one of two ways, depending on what it finds.
Referrals blocked automatically
Some referrals are rejected outright. These are never counted, never appear in Fraud Center, and never earn a reward — you don't need to do anything about them. A referral is blocked when:
The referred friend is already an existing customer. Only first-time customers can be referred — repeat customers aren't counted as referrals.
The referral is a clear self-referral. If the referred friend's details exactly match the advocate's — the same name, the same email address, or the advocate's own referral code — the purchase isn't treated as a referral.
The friend was already referred by someone else. A customer can only be referred once.
Referrals flagged as suspicious
Other referrals aren't blocked, but show patterns that might point to fraud. ReferralCandy flags these as suspicious and notifies you so you can review them. These are automatic threshold checks — a flag simply means a referral crossed one of these lines, nothing more. A referral is flagged as suspicious when:
The advocate and the referred friend have similar — but not identical — names or email addresses.
More than 3 referred purchases come from the same IP address.
An advocate generates a high volume of referrals in a short time — for example, more than 5 referrals within a week.
A "suspicious" flag is a heads-up, not a verdict. It doesn't mean ReferralCandy has decided the referral is fraudulent — only that a pattern is worth your attention. ReferralCandy never disqualifies a referral or withholds a reward on its own; the decision is always yours. To give you time to review, the purchase review period for a suspicious referral is automatically extended to 14 days (if your review period is already longer than 14 days, it stays the same). Learn more about the review period for Shopify and other platforms.
Keeping an eye on suspicious activity
ReferralCandy surfaces suspicious activity in a few places:
On the ReferralCandy home page, the Suspicious activity indicator shows where you stand at a glance: green None detected when everything's clear, or orange Needs review with the number of flagged advocates. Click Go to fraud center to review them, and note the deadlines — if the review period lapses before you act, the advocate is rewarded, and once rewarded the referred purchase can't be disqualified or voided.
A weekly suspicious-activity report is sent to your admin email address. Learn more about the admin email for Shopify and other platforms.
Periodically spot-check your top referrers for unusually high referral counts:
Shopify merchants: Go to Apps > ReferralCandy > Referral campaigns > Reports tab. The Top Referrers section ranks the top twenty advocates by successful referrals within your selected date range.
Non-Shopify merchants: On the ReferralCandy Home page, the Top advocates card ranks advocates by total referrals within the date range you set.
If an advocate stands out, it's worth checking whether they're an influencer who shares their referral link with an audience.
How to investigate a suspicious referral
A suspicious flag tells you a referral is worth a closer look — it doesn't tell you whether it's genuinely fraudulent. Work through these checks before you decide:
Review the Fraud Center entry. Open the entry (see Fraud Center below) and look at the referred friends — their names, emails, and purchase details. For a possible self-referral, the entry lines the advocate's and the purchaser's details up side by side — on Shopify, that includes their shipping addresses. Are they clearly different people, or do they look patterned (similar names or emails, repeated details, matching addresses)?
Confirm they're genuine new customers. Only first-time customers can be referred. A burst of referrals from genuinely new buyers looks very different from one that isn't.
Check whether the link or code has been shared publicly. Search the web for the advocate's referral link or friend offer code. An advocate posting it on a blog, on social media, or on a coupon or deal site can generate a lot of volume quickly.
Ask the advocate directly. Email the advocate and ask how they've been sharing their link. Influencers, bloggers, and advocates with large followings often produce high — and completely legitimate — referral volume. Their answer is usually the fastest way to settle it.
Once you've reviewed, take action using the options in the Fraud Center entry. Whether an activity like posting a code on a coupon site counts as fraud is up to you — it depends on your own referral program's terms. We recommend setting out clearly, in your program's terms and conditions, what your team considers acceptable and unacceptable.
Fraud Center
Fraud Center is where you review the advocates ReferralCandy has flagged for suspicious referral activity, see why each one was flagged, and decide what happens next. To open it:
From the ReferralCandy dashboard, click Fraud center in the side menu.
From your Shopify admin, open ReferralCandy and click Fraud center in the app's side menu.
The Fraud Center page lists one row per flagged advocate: how many flagged referrals they have (Suspicious activity), any rewards already involved (Total incentives), and Days left to review — with a Last day to review marker when time is nearly up. The Fraud history button at the top right shows the actions you've taken in the past — more on fraud history for Shopify and other platforms.
Reviewing a flagged advocate
Click a row to open the advocate's entry. Everything you need to make a decision sits in one place:
Why they were flagged — a card explaining the trigger. For a possible self-referral, it compares the advocate's and the purchaser's details side by side: first name, last name, email, and, on Shopify, their shipping addresses — so you can check for a match without looking each order up in Shopify yourself. The shipping address is pulled from your Shopify order for display only; ReferralCandy doesn't store it. For a high-volume flag, the card summarizes the advocate's unusual referral volume instead.
The advocate's details — their name and email, friend coupon code, their own shipping address and payment gateway where available, and a View fraud history button if you've taken action on this contact before.
The flagged purchases — each suspicious referred purchase with its type (for example, Self Referral or High Volume) and the days left to review before the advocate is rewarded.
Deciding what to do
Once you've reviewed the entry (see How to investigate a suspicious referral above), you have four ways to respond:
Ban the advocate — if you've concluded it's fraud, click the red Ban button in the entry. Banning stops the contact from referring again and disqualifies their pending rewards.
Mark them as safe — if the activity is legitimate (an influencer, or a genuinely enthusiastic advocate), click Exclude suspicious referral detection. ReferralCandy stops flagging that contact's referrals as suspicious from then on.
Reward them early — if you've verified the flagged purchases are valid, you don't have to wait out the review period: on Shopify, you can approve the pending referrals manually so the advocate gets their reward sooner. See [Shopify] Marking a purchase as referred + Approving Referrals.
Do nothing — the referrals stay in review until the extended review period ends (14 days for suspicious referrals, or your usual review period if that's longer). If you haven't acted by then, they're treated as legitimate and the advocate is rewarded as usual.
Note: Banning a contact is irreversible. Once an advocate is banned, they won't be able to refer friends and their pending rewards are disqualified. Learn more about banning contacts on Shopify and other platforms.
ReferralCandy's automatic checks catch common patterns, but can't detect every form of fraud — reviewing flagged referrals yourself remains your best safeguard. If you've reviewed a case and still can't tell, let us know — we can help investigate further.
Fraud Center FAQ
Does a "suspicious" flag mean the referral is fraudulent?
Does a "suspicious" flag mean the referral is fraudulent?
No. A suspicious flag means the referral matched a pattern worth reviewing — for example, a high volume of referrals in a short time. It is not a determination of fraud. ReferralCandy never disqualifies a referral or withholds a reward on its own; you review the flagged referral and decide. See How to investigate a suspicious referral above.
What happens if I ignore suspicious referrals in Fraud Center?
What happens if I ignore suspicious referrals in Fraud Center?
If you don't take action, referred purchases that were tagged as suspicious will be considered legitimate, and the advocate gets rewarded when the review period is over.
How do I stop ReferralCandy from flagging a trusted advocate as suspicious?
How do I stop ReferralCandy from flagging a trusted advocate as suspicious?
To stop ReferralCandy from flagging a trusted advocate's referrals as suspicious, open their Fraud Center entry and click Exclude suspicious referral detection. From then on, that contact's referrals won't be flagged. It's the right call once you've verified the activity is legitimate — an influencer with genuinely high referral volume, for example.
My customer's order is not a fraudulent order. How can I ensure that they will receive their reward?
My customer's order is not a fraudulent order. How can I ensure that they will receive their reward?
The Fraud Center sends alerts only for identified suspicious referrals, but ReferralCandy does not take action on those purchases. If you determine that a purchase is legitimate, you can simply ignore the alert — the advocate is rewarded as usual once the review period ends, provided the purchase meets the reward conditions. On Shopify, you can also reward them sooner by approving the pending referral manually — see [Shopify] Marking a purchase as referred + Approving Referrals.
To stop ReferralCandy from flagging that customer's future referrals, open their Fraud Center entry and click Exclude suspicious referral detection.