All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Beware of a new kind of fraud
SmokyHosts
Member, Patron Provider
The customer will purchase a VPS/server from you and when you deploy the VPS/server and share the access details, they simply claim a refund saying that the access details were shared in plain text (mind it, its the access details of the VPS/server that were shared in plain text, while WHMCS by default hashes their WHMCS login passwords as per GDPR rules). If they had any sense, all they had to do was to change their VPS/server password and never share it with the host again!
To make things worst, if you don't offer refund, they raise it to PayPal saying the product wasn't delivered, and no matter how much proof you share with PayPal, they simply say that they "advice" to deliver items by trackable courier companies, without even recognizing that it is a digital delivery and not a physical one!
If anybody wants to know the full details of such a client, to be on the safe side, feel free to PM me. I will share the details of one such customer if you are a patron provider here.
Comments
Don't do that. Report them on maxmind and fraudrecord at most.
You should never share customer personal details to unrelated third parties without the customers consent, or - having been instructed to by court/law enforcement, regardless of if the account is in bad standing.
Not cool.
secure the initial posting!
unbelievable! the provider wants to share customer data with other providers via pm.
beware of @SmokyHosts
Where's the fraud part? They get their money back and they never use the VPS?
Don’t share it in plain text then. Don’t share it at all; let them find it out from the panel or whatever themselves.
But sharing client details, that’s not cool at all.
If you are consistent enough (10+ chargebacks per 48 - 72 hours), PayPal will freeze your account for "investigation", effectively rendering your payment gateway void. If you don't have alternative to PayPal - your business is at risk, both monetary and reputation.
It is very old type of attack. It is not scam per se, but attack.
Good luck.
Thanks, already reported to fraudrecord
Yeah but for that they don't need any excuse like "password was sent as plaintext".
When you have a payment giant like PayPal, who expects server access details to be couriered with a trackable code, you rather help your community rather than fall prey to such frauds
How many times has something like this actually happened to you for you to feel the need to open a thread?
Because while the title sounds dramatic as hell, from your post it just seems like some random moron did something dumb and that's it.
I am more worried about the way PayPal treats their sellers with their so called "Seller Protection" than the dumb moron
@SmokyHosts and GDPR ???
Pretty aware of GDPR and i don't plan on sharing the client's name, contact details or any PII stuff, but details of the pattern that such attackers follow.
Now that is over dramatizing the already lost case!
Its about sharing the pattern of attack rather than sharing the PII details of the customer
Thank you for that info, good to know.
invite me to the court hearing when you get sued for leaking customer info 😇😇😇 another reason to not buy from random noname small let hosts they do stuff like this
What happens if you just give the customer the refund and immediately cancel the VPS? Wouldn't that count as a refund rather than fraud, or have I misunderstood something?
The point being that as per the promotional offer rules, we had already clearly mentioned that we do not offer trials or refunds.
If it would have been a non-promotional offer, we would have even considered refunding at the first sense of such fraud, as its better to let go off such customers than bear them in the long run.
bro you quite literally typed "the full details of such a client", you can't backpedal when we can all just hit pageup.
Anyway I get that this might be annoying but what's the fraud part? They sign up and pay and then change their mind and want a refund. Can you explain to a simpleton like me? I don't provide vps so I might be missing something obvious.
edit: shit like this is why i disapprove of fraudrecord, customer wanted a refund report it as fraud!11
This issue is as old as WHMCS itself (or older).
There is no backpedaling here when we are pretty much aware of regulations set around sharing PII data without user's consent. If it wasn't obvious, maybe my responses later should have clarified my intent.
To explain the fraud part... Promotional offers are offered keeping some calculations in mind. Every business is here to run sustainably and not to give away freebies and shut shop the next day. And such promotional offers come with some rules that need to be adhered to.
The rule, very clearly written was that we do not offer refunds and/or trials on promotional offers. This was disregarded, by both, the customer as well as PayPal.
And try explaining it to PayPal that server access details are not sent by snailmail!
Ok they used paypal to force a refund that wasn't available due to the terms of the deal, now I understand. Thanks for explaining further.
edit: somebody teach vanillaforum how to quote, its 2025 for fucks sake.
In the European Union, customers automatically get a 14 day "cooling off period" where they are free to cancel contracts for digital services and request a refund "without justification". This applies to EU citizens, regardless of the location of the provider, similar to GDPR requirements.
Source: https://europa.eu/youreurope/citizens/consumers/shopping/guarantees-returns/index_en.htm
Right of withdrawal: a 14-day cooling-off period
"If you buy a product or service online, by phone or from a seller at your doorstep (in legal terms a “distance contract” or “off-premises contract”) you have the right to withdraw. This means you can cancel the contract within 14 days without providing any justification (the "cooling-off period"). For goods this means 14 days from the date of delivery, for services 14 days after the day the contract was agreed. If the cooling-off period expires on a non-working day, your deadline is extended until the next working day."
This information would have been much more relevant in your first post. Bringing it up this late weakens your overall argument...
I kindly request a removal of provider tag from SmokyHosts due to how they willingly wish to share private information of customers with any third party, without customer's consent, finding themselves in direct violation of their own privacy policy which was publicly posted on their website and agreed upon when all their customers registered.
EDIT: Forgot to tag the admins: @trewq / @jbiloh / @FAT32
This host shouldn't be welcomed here after making the offer to share client information.
Just in-case -> https://archive.md/DqqgX
Thanks for the clarification. So the onus is back on the provider rather than on the customer, no matter the terms mentioned
I think both of you missed my clarification throughout the thread and jumped to conclusion
Interesting plot twist, so essentially no provider can declare "no refunds" when dealing with a citizen of the EU. How is this enforceable though? Also, I'm moving to the EU hugs.
EUdSSR - patronization at every turn