An email from firstname.lastname@example.org authentically claims, "Your Squarespace Membership Is On Hold."
Note that this scam may continue in the future with other similar unofficial email addresses.
In late August 2023, we reviewed an email scam that lied to recipients and said that their Squarespace membership was "on hold" and that a billing address would need to be "verified" in order to continue service. It's possible that a similar scam was also circulating in the form of a text message.
This message came from email@example.com. The email address was designed to fool users into believing it had affiliation with Squarespace.
To be clear, Squarespace, a website-building and hosting company, does not send users email messages from iCloud accounts. Further, there's no indication that the companies whose platforms were used in this scam had any involvement in the criminal activity.
The scam email included odd language that was meant to strike a sense of urgency into any Squarespace users who received it. For example, one line in the message read, "Please take care of this right away so you can use your domain":
Your Squarespace membership is on hold.
Verify your billing address to use your domain.
We're required to put your domain, and any connected website, on hold if we can't confirm that we have the correct billing address on file.
Please take care of this right away so you can use your domain.
The message included a link to a website on Wix, a competitor of Squarespace, that redirected to squarespace.account.gs. On this website, scammers asked users to fill out their credit card information and mailing address on a page that resembled Squarespace.com.
Domains ending in .gs are affiliated with "a group of islands located off the southern-most tip of South America called South Georgia and the South Sandwich Islands," according to GoDaddy.com.
Aside from the scammy iCloud email address that was used in this scam, examples of legitimate Squarespace email addresses include firstname.lastname@example.org, email@example.com, and firstname.lastname@example.org.
If any readers fell for this scam, we recommend immediately contacting your credit card company or whatever other payment method you may have provided to the scammers.
We contacted both Wix and iCloud to alert them of the malicious website and email address, so that they can take action on the accounts behind the scam. This story will be updated if we receive any responses.
".gs Domain Names." GoDaddy.com, https://www.godaddy.com/tlds/gs-domain.
"Squarespace." Wikipedia, https://en.wikipedia.org/w/index.php?title=Squarespace&oldid=1170641022.