Some users are reporting SPAM donations even with all of our recommended methods of SPAM prevention.
One suggestion is an encoded timestamp on the form which GiveWP would check for validity when the form is submitted, to prevent donations that are happening as a result of pinging a URL without visiting a form.
Either way, we need to more aggressively combat donor spam.