Hi all, I have a website with a subscription available for purchase. Over the course of two days, a bot or spammer purchased some subscriptions. The names are garbage (like "Vfdcjx Pilbu") and the emails are garbage (like "[Removed]" but with the @ symbol). Payments were made, and the money arrived in my PayPal account. You can't do much of anything valuable with these subscriptions other than see additional content on my website that free members can't access. It is not confidential information. I've disabled all of the accounts and re-added captcha to the form (it must have failed at some point recently and so the bot was able to easily sign up). I've stopped the bleeding, so to speak.
First question: why? What is the point of this? I assume the money was stolen (these were all Direct Credit Card Payments and not via PayPal accounts). Is there something I'm missing?
Second question: I've had one woman contact me using the information she saw on her statement (it had my site name and my phone number). She provided the correct subscription price, and I think she legitimately had her card number used fraudulently. All I have is her name and the last four numbers of the card, but of course I can't tie that to one of the PayPal charges. Is there a way that PayPal can help connect the two so I can refund her money? Or, what would you all do?
Thanks!
