Dynadot

Credit emails from GoDaddy. FYI: The amount is wrong.

Spaceship Spaceship
Watch
Anyone else just get an email from Godaddy (yes, verified actual godaddy email - not spoof) saying they have a credit for a domain backorder?

I recall putting nothing on backorder at GD, and can find nothing with the referenced amount..

Anyone else get an email like this? Thinking it is an error unless they charged me something in the past I did not realize. (and GD's website when trying to view orders is giving me a Bad Gateway error at the second - so can't confirm)

Your refund receipt number is: *********

May 26, 2020

QTY ITEM PRICE

-1 Private Domain Backorder ($649.00)

Subtotal: ($649.00)

Shipping & Handling: $0.00

Tax: $0.00

Store Credit: $0.00

Total: ($649.00)
 
0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
This is definitely a phising attempt.
Don't click on any link in that email
 
1
•••
This is definitely a phising attempt.
Don't click on any link in that email
I do not believe so. I have been in IT over 20 years. I have already checked the headers:

Received: by m319.em.secureserver.net

The only link points to godaddy's actual server (I don't click email links anyway), and it has my customer #. All signs point to godaddy sent this email.
 
0
•••
I've seen many sites hosted on sexureserver.net that were dodgy.

Godaddy let's other people host on that I think.
 
1
•••
I've seen many sites hosted on sexureserver.net that were dodgy.

Godaddy let's other people host on that I think.
Agree it is possible it is a phishing attempt, but I find it unlikely that godaddy would allow anyone to spoof the godaddy.com domain on their secureserver.net email system. Seems like that would be a no brainer.
 
0
•••
Fair enough. If I remember I'll see if I can dig out the dodgy email I got from secureserver.net as an example.

Its probably not a scam if you're satisfied that the email matches the info in your account.

You only have to Google site:secureserver.net to see how much rubbish is hosted on it.
 
Last edited:
1
•••
:ROFL::ROFL::ROFL::ROFL::ROFL::ROFL::ROFL:

Godaddy's account site just came back up. It was a valid credit. Only thing is it is for $6.49 - not $649 that the email said.

So noone get excited if they get an email like this! :xf.smile:

(I wasn't excited. I was going to contact GD and have them remove it if not valid - but I know some others would be :xf.wink:)
 
1
•••
how could it be a phishing attempt if the links go to godaddy?

got the same email now but with -999 as the amount
 
1
•••
0
•••
how could it be a phishing attempt if the links go to godaddy?

got the same email now but with -999 as the amount
It is $9.99 :)
 
1
•••
how could it be a phishing attempt if the links go to godaddy?

got the same email now but with -999 as the amount

if you have an open redirect vulnerability*, like somewhere.godaddy.com/vulnerable?url=attacker.com, it can be almost hidden in plain-sight but it leads to an attacker controlled page

secondly no big deal to get customer #, if you have done deals on NP directly, someone might have it ;)

many subdomains of *.secureserver.net are in private use i suppose.

So there's enough reason for OP to consider it phishing but as we know GD's backend is old, buggy and recently got hacked, no wonder its suspicious. Possible its a malicious person manipulating the emails, who knows?

OP has a valid concern.

*Reference: https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html (open redirect)
 
Last edited:
1
•••
Lots of errors lately. I just got an email from Godaddy saying a domain would be autorenewed in my account, a domain I sold about 2 years ago.
 
Last edited:
2
•••
if you have an open redirect vulnerability*, like somewhere.godaddy.com/vulnerable?url=attacker.com, it can be almost hidden in plain-sight but it leads to an attacker controlled page

time for them to run a free scan to find out?
😉
 
0
•••
What? I received today a similar email but for $999. The email has my customer number and it seems legit. Maybe info leak happened?
 
0
•••
What? I received today a similar email but for $999. The email has my customer number and it seems legit. Maybe info leak happened?
No... Figured out this is all legit. GD is just accidentally putting the decimal point in the wrong place in the email. Check your order history.
 
1
•••
Yes, mine was for $1,298.00. :xf.laugh:

Looks like they moved the decimal place over too far.

Just a glitch in the eMail, actual amount refunded was $12.98.

Question is why was this refunded at all? Mine was some kind of backorder charge, but it was associated with a GoDaddy Auctions membership purchase number.

Weird.
 
Last edited:
1
•••
These are returning amounts?
 
0
•••
These are returning amounts?
Yes. Store credit.

I never found where or have any memory of backordering a domain from Godaddy in many many years, but that is what my credit is for. Maybe something old or a mistake? Not sure...

What was yours for and does it seem correct?
 
0
•••
Yes. Store credit.

I never found where or have any memory of backordering a domain from Godaddy in many many years, but that is what my credit is for. Maybe something old or a mistake? Not sure...

What was yours for and does it seem correct?
Thanks for help. I write from an old phone and I cannot provide screenshots right now but I will.
 
1
•••
Yes, mine was for $1,298.00. :xf.laugh:

Looks like they moved the decimal place over too far.

Just a glitch in the eMail, actual amount refunded was $12.98.

Question is why was this refunded at all? Mine was some kind of backorder charge, but it was associated with a GoDaddy Auctions membership purchase number.

Weird.
Ahhh didn't see this post. Are they accidentally issuing refunds that shouldn't be? I was wondering, but this makes me more curious.

I believe when you get an auction membership you get free domain monitoring in the backorder system. Maybe some accounting issue is making them refund part or old charges? That or they need to get on top of this quickly as many people will spend that store credit quickly.

@Joe Styler
 
0
•••
1
•••
Sorry for the delay. I was not on Namepros last week from Thursday to Monday and when I logged in yesterday I had about 50 alerts and a bunch of PMs so I am working through them in order.

I did see your message last week I think via twitter or somewhere else someone pointed it out to me and I let the email team know. They were aware of the error with the decimal point and looking to fix it and update people.

The refunds are legitimate it is for the difference between an standard backorder and a private backorder based on the price you paid at the time of the backorder credit. Privacy on backorders is going away shortly and will be revamped as there is more or less a free privacy to Europeans under GDPR and California enacted a privacy law so there are updates coming in privacy for backorders in the near future and we are proactively refunding anyone who paid for privacy as an upgrade to a backorder credit and no longer can use it for backorders.
 
0
•••
Back