Users of Squarespace website-building services are advised to be on the lookout for a malicious email purporting to be from the company. The email was first detected by MailGuard in the afternoon of the 30th of January 2020 (AEST).
The emails are infiltrating inboxes using the display name ‘Squarespace’ and include a sending email address that uses the domain ‘@sqourserviceonline.com’. The email actually originates from a single compromised email, created for the purpose of tricking users.
The email body contains the Squarespace logo and is titled ‘Unable to renew your domain’. It informs recipients that their ‘connected domain’ is unable to renewed due to an error with the billing information. The recipient is given 3 days to update their payment method ‘to prevent domain suspension’. A link is provided for them to do so.
Here is a screenshot of the email:
Unsuspecting recipients who click on the link are led to a well-crafted phishing page that directs users to log onto their Squarespace accounts, as per the below:
Upon ‘logging in’, users are led to a similar page asking them to update their credit card details. This is also a phishing page that asks for their personal data such as their card number and expiry date:
After inserting the necessary details and hitting ‘Submit’, users are then taken to a page titled ‘Verify Your Billing Information’. It asks recipient for details such as their address. See screenshot below:
Users are then taken to another page asking to synchronize their email account details, for ‘Security Reasons’.
They are then finally taken to a page titled ‘Thank You’ that simulates a logoff and then redirects the victim to the actual Squarespace website.
The sole purpose of this email scam is to harvest personal details of Squarespace customers so the criminals behind this scam can break into their accounts and commit identity theft.
Cybercriminals have employed multiple techniques to boost this email’s credibility. These include:
- use of a major brand name to inspire false trust; the usage of the supposed ‘Squarespace’ display name boosts the email's credibility,
- inclusion of high-quality branding elements like Squarespace’s logo & branding that are typically present in notifications from the company and,
- false urgency; a subject line like ‘NOTICE: Your website will be suspended’ creates a sense of panic and anxiety, motivating users to take action immediately without checking on the email’s authenticity.
Despite these techniques, eagle-eyed recipients should be able to spot several red flags that point to the email’s illegitimacy. For instance, no personal information of the recipient is included in the message body. In addition, the sender address does not use the actual Squarespace domain and the link points to a suspicious URL.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.