I purchased a domain at Cloudflare yesterday. Today I receive an email from firstname.lastname@example.org with the subject ACTION REQUIRED User Billing verification step required for your Cloudflare account.
Yup you would never send such PII over plain text email. Plus you would only need to send ID #s if say applying for merchant services. That should be done through your local bank.
The best policy is to trust nothing, question everything.
I reached out to support to make sure. If for some reason they come back saying that is legit, I’m going to take my business elsewhere. The whole reason I’m self-hosting is to avoid unnecessary personal information getting out there.
Apparently I somehow appeared suspicious to them. I asked Cloudflare support directly about this and it appears the request was legit. Here’s what happened when I ignored the request:
“The registration of the domain was found to be of a fraudulent nature and the purchase transaction was cancelled and refunded and the domain deleted.”
Not sure what made my purchasing a domain appear fraudulent. I’ve never ran into this type of thing before. My bank flags things sometimes, but never has a company given me such difficulty purchasing something.
Yeah, due to their actions taken against @liquidsuspension for calling the purchase of the domain “fraudulent” (I would question why Cloudflare would call it as such), I won’t be using their CDN service for my website.
Personally I would appreciate an extra step a company takes to verify things as it would make things safer for all of us… On the other hand, I would never ever send that sort of sensitive information over an e-mail…
Actually in our country it is totally against the AVG law to even ask for such information… That alone would raise numerous flags… But yeh… Not sure how things are in the US in that regard.