Website Design

Watch Out For Spam Email Posing as Squarespace, MailChimp and Stripe

Do the screenshots of emails below look familiar? If you have a Squarespace account or use MailChimp, they might. Hopefully you didn't click on them, because they are totally fake and are phishing for personal information from you that could take down your website and cripple your business.

 Screenshot of a fake spam email posing as Squarespace.

Screenshot of a fake spam email posing as Squarespace.

 Screenshot of a fake spam email posing as Stripe.

Screenshot of a fake spam email posing as Stripe.

Fake email that is very well designed to look like its really from these companies has infiltrated the brands of Squarespace, MailChimp and Stripe. Those companies aren't sending the fake email. In fact, they have nothing to do with it. Posers are ripping off the designs of typical Squarespace, MailChimp, and Stripe emails usually sent to customers. Their purpose is to scare customers into thinking something is wrong with their accounts, and then click on a link to fix it.

In the picture on the right  is a fake email from Stripe, a payment processor similar to PayPal or Authorize.net, telling me of a recent sale for $104 - which never happened - this is fake. Don't be fooled by sudden emails of fake cash money into your account!

Can Fake Email - Spam - Hurt Me?

Yes. If you click on a link, you may be logging into a fake website which would give bad guys your login information, which they can then take and mess with your stuff. Translation: insert bad pictures, take your website offline, etc.

Aren't Fake Emails Only From Banks?

Fake, spam, or phishing emails, used to be somewhat limited to banks. A typical fake-out would be that you were emailed by Chase or PayPal with some notification telling you that you needed to click the links in the email in order to verify your account. You would do that, and BAM, you had just given your safely guarded information to bad guys.

When you click the links in that email, and/or if you enter in any username or password information onto the other end (although just clicking alone could yield some information you didn't know you were handing over), you are giving thieves the keys to your house, and they will use those keys to set traps to steal your personal information, and ransack the place.

What Does It Look Like When Bad Guys Hack My Website?

This comes in many forms. Your website could either:

  • Disappear.
  • Speak in German - as in, the content that was in English has been replaced with German or another language and you have no idea what it says.
  • Display a page of links that lead to further bad things.

A Website Take-Down Happened To This Unsuspecting Business Owner

In addition to my role at Tin Shingle, I also run a digital design agency,  InHouse Design Media that works a lot with Squarespace websites. I had checked on one of our clients this week, and her beautiful website wasn't there. Instead, was a list of links for WellsFargo and CGI stuff.

There is no official Internet Police, so when break-ins happen, there isn't anyone to turn to. You want to have friends who know about technology and websites. Action to fix break-ins needs to be swift. This is when it really helps to have friends in Tech. I'd emailed Squarespace, but more than a few hours passed before they responded. So I emailed my friend and co-worker Marilyn at Ink and Coffee, who is also a customer support expert for a major blogging platform. She tipped me off to follow the domain settings: "Usually when the mapping is messed up, it will disrupt the stylesheet and prevent the design from loading."

Simple Hosting Paid Off

True to form, that's what was happening. Part of why I like using Squarespace so much is because they make everything very simple for a very simple user who wants a lot of autonomy running their website, but doesn't necessarily know how it all works under the hood. It's for someone who just wants to click on something, and have it work the way they envision. That is how this website was saved. We were able to easily click on a link for Default Squarespace settings, and restore.

In the case of this client, we were able to recover the website using the following steps:

  1. Have the client change their username right away.
  2. Go to the Domain Settings in Squarespace, and undo the Custom Domain Settings that the bad guy put in there. The settings were reverted back to Squarespace Default Settings, and all was restored. Phew!

 

Moral Of The Story Is...

Don't click on anything in your email. Go to the website that you need to, and navigate from there. Read this article from Squarespace titled "I received a suspicious email. Is it from Squarespace?"

Below are screenshots of emails I got this year from fake posers impersonating Squarespace, and MailChimp. Delete them!

 Screenshot of a fake spam email posing as Squarespace.

Screenshot of a fake spam email posing as Squarespace.

 Screenshot of a fake spam email posing as Squarespace.

Screenshot of a fake spam email posing as Squarespace.

mailchimp spam 1.jpeg

Screenshot of a fake spam email from MailChimp.