Don’t be fooled by this phishing email impersonating popular webhost & website creator Squarespace.
The emails are infiltrating inboxes using the display name ‘Squarespace [ALERT]’ and include a sending email address beginning with ‘squarespace-alert’. However, the domain used in the address doesn’t belong to Squarespace. The email actually originates from a third-party email marketing service. It is titled “Final Notice – Failed billing method’.
The email body is largely comprised of an embedded image containing the Squarespace logo that is cut off at the bottom – a red flag pointing to its illegitimacy. The email begins with a header titled “Credit Card Billing Fail” and informs recipients that credit card payment for their website was unable to be authorised. The recipient is given 3 days to update their billing information to prevent their site from getting suspended. A link is provided for them to do so.
Here is a screenshot of the email:
Unsuspecting recipients who click on the link are led to a well-crafted phishing page that directs users to log onto their Squarespace accounts. However, the domain used to host this phishing page doesn’t belong to Squarespace. Instead, we discovered it is hosted on a new domain that is most likely created for phishing purposes.
Once users “log in” with their email address and password, the attacker harvests them for later use, and the user is met with an error saying that the password is incorrect.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.
Cybercriminals frequently exploit the branding of global companies like Squarespace in their scams, because their good reputation lulls victims into a false sense of security, and with such a large number of users they are an easy and attractive target. Many companies use Squarespace to host their business or customer websites. Receiving an email informing them that their site may be suspended is therefore likely to be alarming among companies. They may want to take immediate action in order to minimise disruptions to their business. Cybercriminals hope that in their urgency to rectify the issue, users don’t pause to check for the legitimacy of the email and click on the phishing link.
Cybercriminals have employed multiple techniques to boost this email’s credibility. These include:
- use of a major brand name to inspire false trust; the usage of the supposed ‘Squarespace’ display name boosts the email's credibility,
- inclusion of high-quality branding elements like Squarespace’s logo & branding that are typically present in notifications from the company and,
- false urgency; a subject line like ‘Final Notice – Failed billing method’ creates a sense of panic and anxiety, motivating users to take action immediately without checking on the email’s authenticity.
Despite these techniques, eagle-eyed recipients should be able to spot several red flags that point to the email’s illegitimacy. In addition to the cropped image in the email body, no personal information of the recipient is included. Plus, the sender address does not use the actual Squarespace domain and the link points to a suspicious URL.
If you’re unsure whether an email you’ve received is actually from Squarespace, visit the company’s support page. It issues the following advice:
“If you received a suspicious email that looks like it’s from us - or a company claiming to be associated with us - don’t click links, download attachments, or reply to the message. Report it to our Security team by forwarding the entire email to email@example.com. Include the email header and subject line, which helps us investigate where it came from and stop it from spreading to other customers.”
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.