So we've had all of the products on one of our sites marked "Out of Stock" for a bit while we figure some things out about the brand and line. Typically, the site gets about half a dozen or so organic visitors a day, so it's pretty low volume. However, over the weekend, I started getting a bunch of email notifications about accounts being created. For reference, we run this store on WP/Woocommerce using Stripe for payments. In total, we got around 70 or so of these account notifications (with a lot of them bouncing). These types of things happen with bots, so I didn't really pay it that much attention.
This morning, I went to check the analytics and noticed that we had seen a big increase in daily traffic starting about the middle of last week. It went from 6-8 a day to 50-60. Unsurprisingly, nearly all of them were direct visitors with no referral or acquisition data at all, and basically all of them bounced.
But here's where it gets weird. When I looked at what pages on the site they've been hitting, I noticed that the most visited page is the "Add Payment Method" page. When I went to check Stripe, sure enough, there are dozens and dozens of new customer accounts that have been created, many of them with credit card numbers.
Almost all of the email addresses used follow the following format: <firstname><lastname><2-3 random letters><2-3 random numbers>@<random major isp>.com
To me, this is a pretty obvious fraud attempt. Any ideas of how the scam is supposed to work? Any ideas of what to do to get this to stop? Should I contact Stripe about all of the fake accounts?
Thanks for any help or ideas!