"Phishing" is when scammers send emails or text messages attempting to trick you into giving them your personal information. These emails often impersonate trusted companies like Squarespace.
If you received a suspicious email that looks like it’s from us - or another company claiming to be associated with us - don’t click links or reply to the message. Instead, consider reporting this email to your email provider.
Tip: You might receive spam through your site's Form Blocks. We recommend enabling Google reCAPTCHA to make it more difficult for spam bots to contact you.
How to spot a phishing scam
While scammers adjust their tactics frequently, look out for these classic signs of a phishing or spoof message:
- Requests for your bank account, username, password, social security number, or identity. Never share this information.
- An urgent tone or claim that your account is compromised.
- An email with a link to verify your account information.
- Typos in the From email address. It’s common to see something like firstname.lastname@example.org (typo).
- Suspicious links that don’t lead to www.squarespace.com. Before you enter your login information or click on a link, double-check the URL.
- Emails that mimic our design.
Official Squarespace email addresses
If you're not sure whether an email address belongs to Squarespace, compare it to this list of official email addresses:
- email@example.com (Customer Care)
- firstname.lastname@example.org (Email notifications from your site)
- email@example.com (Form Block submissions from your site)
- firstname.lastname@example.org (Squarespace Note app)
- email@example.com (Squarespace Domain verification)
Information Squarespace might request
Squarespace might ask for information to verify your account if you contact us, like the last four digits of your credit card.
Information Squarespace will never request
- Your full credit card number
- Your bank account or routing number
- Your password
- Your social security number
You should never share this information unless it’s with a known and trustworthy party.
What to do if you received a suspicious email
- Don’t click any links or images.
- Don’t reply.
- Consider reporting the message to your email provider. (Instructions: Gmail, Outlook, Yahoo!, AOL)
- Delete it.
- If you want to report it to us, contact us here.
What to do if you clicked a link or provided sensitive information
- Change your password for any potentially affected accounts, such as Squarespace or Stripe.
- If you’re concerned that a particular account has been compromised, visit the official website for that account (go to the URL directly in your browser, not through the email) and reach out to their support team.
- Check your bank statements frequently for unauthorized transactions.
- Report the message to your email provider. (Instructions: Gmail, Outlook, Yahoo!, AOL)
General Internet safety tips
- Change your passwords often.
- Don’t share your login information.
- Never send your password or sensitive information via email, no matter how convincing the person sounds.
- Use different passwords for different accounts. If one of your passwords is compromised, the other ones will be safe.
- Don’t assume that an email is from a company just because it contains the company logo or their name appears in your inbox as the “From” name.
- Learn more about phishing emails at OnGuard Online.