Fraudulent tips/donations?

For the last couple of weeks, I’ve been getting a series of fraudulent payment attempts through my Ghost tip form (15 individual payments, starting March 8). All were blocked by Stripe, fortunately, until one got through today.

My first thought was to temporarily disable Tips & Donations in settings, but looks like that’s not an option. As long as there’s no risk on my end when they fail, I’d rather keep tipping open anyway, but I guess I’ll just have to be vigilant to catch any that get through.

Is this happening to anyone else? And is there anything else I should do?

Haven’t seen this before! What sort of patterns are you seeing in the payment attempts?

Here’s what I’m finding with the 15 attempts so far:

  • All are under $3, and all random amounts ($2.18, $2.40, $2.24, and so on).
  • Most use Hotmail addresses, but a few are also Gmail and Yahoo.
  • Some provide names, which are usually matched by the email address.
  • Most are located in the US, one in Costa Rica.
  • Variety of failure reasons:
    • Invalid card number
    • “Blocked by a default Radar rule due to a high risk of fraud.”
    • “Blocked by Stripe”
    • “3D Secure attempt failed”
  • No pattern on time of day or how frequently, but never more than three per day.

Happy to email a CSV export of all of these, if it helps!

1 Like

I think what’s happening here is that your tip form is being used as a card testing endpoint.

Fraudsters often run stolen card lists through small payment forms like this to see which cards are still valid. If a charge goes through, they’ll then use that card elsewhere for larger transactions.

Even if most attempts are blocked, the pattern you’re describing (multiple small attempts over a short period) is pretty typical of that behavior.

I’d be a bit concerned about the impact on your Stripe account as well — a high volume of failed or flagged payments can sometimes trigger risk reviews or restrictions.

If it were me, I’d temporarily disable tips for now and re-enable later once things cool down, or at least add stricter protections (check unusual Cloudflare IPs, block rules, CAPTCHA, Turnstile etc.) if possible.

Better to stay on the safe side than risk getting your account flagged.

1 Like
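The card-testing pattern described above (many small, random-looking amounts, a high decline rate with mixed failure reasons, a handful per day) can be checked mechanically against the CSV export mentioned earlier in the thread. The script below is an added example, not code from the thread or from Ghost or Stripe: it parses a constructed export, computes the indicators the replies talk about, and flags the set when the thresholds are exceeded. The column names, the sample rows and the threshold values are all assumptions for this example, not Stripe's real export schema.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample export, modelled on the thread's description. The column
# names are an assumption for this example, not Stripe's actual CSV layout.
SAMPLE_CSV = """created,amount,currency,status,failure_reason,email
2024-03-08T14:02:11Z,2.18,usd,failed,Invalid card number,a.smith@hotmail.com
2024-03-08T19:45:03Z,2.40,usd,failed,Blocked by a default Radar rule due to a high risk of fraud.,j.doe@hotmail.com
2024-03-10T08:12:59Z,2.24,usd,failed,Blocked by Stripe,m.lee@gmail.com
2024-03-10T08:13:30Z,2.71,usd,failed,3D Secure attempt failed,r.perez@yahoo.com
2024-03-10T21:06:14Z,2.93,usd,failed,Invalid card number,k.brown@hotmail.com
2024-03-12T03:30:45Z,1.87,usd,failed,Blocked by a default Radar rule due to a high risk of fraud.,t.nguyen@hotmail.com
2024-03-14T16:20:00Z,2.55,usd,succeeded,,p.jones@hotmail.com
2024-03-15T11:11:11Z,10.00,usd,succeeded,,reader@example.org
"""


def parse_attempts(text):
    """Parse the export into dicts with typed fields and the sender's email domain."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "created": datetime.strptime(r["created"], "%Y-%m-%dT%H:%M:%SZ"),
            "amount": float(r["amount"]),
            "status": r["status"],
            "reason": r["failure_reason"],
            "domain": r["email"].rsplit("@", 1)[-1].lower(),
        })
    return rows


def card_testing_indicators(rows, small_amount=3.0):
    """Summarise the signals the thread lists: size, randomness, failures, cadence."""
    n = len(rows)
    small = sum(1 for r in rows if r["amount"] < small_amount)
    failed = sum(1 for r in rows if r["status"] != "succeeded")
    distinct_amounts = len({r["amount"] for r in rows})
    per_day = Counter(r["created"].date() for r in rows)
    return {
        "attempts": n,
        "small_share": small / n,                      # share under the small-amount cutoff
        "failure_share": failed / n,                   # share that did not succeed
        "distinct_amount_share": distinct_amounts / n, # 1.0 means every amount differs
        "max_per_day": max(per_day.values()),
        "reasons": Counter(r["reason"] for r in rows if r["reason"]),
        "domains": Counter(r["domain"] for r in rows),
        # Charges that did go through; these are the ones to review for refunds
        # before a dispute arrives.
        "succeeded": [r for r in rows if r["status"] == "succeeded"],
    }


def looks_like_card_testing(ind, min_attempts=5):
    """Heuristic verdict. The thresholds are assumptions chosen for this example."""
    return (ind["attempts"] >= min_attempts
            and ind["small_share"] >= 0.8
            and ind["failure_share"] >= 0.5
            and ind["distinct_amount_share"] >= 0.7)


if __name__ == "__main__":
    ind = card_testing_indicators(parse_attempts(SAMPLE_CSV))
    for key in ("attempts", "small_share", "failure_share",
                "distinct_amount_share", "max_per_day"):
        print(f"{key}: {ind[key]}")
    print("failure reasons:", dict(ind["reasons"]))
    print("email domains:", dict(ind["domains"]))
    print("succeeded charges to review:", len(ind["succeeded"]))
    print("card testing suspected:", looks_like_card_testing(ind))
```

Run it against a real export after renaming the columns to match; the useful output is the list of succeeded charges, which is the set worth refunding proactively, since the thread notes that Stripe support warned about disputes on the ones that get through.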

That’s my assumption as well. Stripe support did warn about disputed payments for those that do get through, but I didn’t realize my account could be flagged even for the failed ones.

Ah! While looking for a way to disable the payment link in Stripe, I found that the fraudulent attempts are all coming in through a separate Stripe payment link I made before the Tips & Donations feature was added to Ghost. I’ve now disabled this one and switched to Ghost’s payment link instead.

I assume that the same could happen at any point with the Ghost payment link as well, as they’re identical, but until they find it, my issue should at least be resolved.

2 Likes

Thanks, very useful info!

A captcha can really help. If your form is just a little bit more annoying to fill out in a repetitive or automated way, they’ll go find another one.