Phishing Emails Impersonating Squarespace Partners

There are no compliance setups, license key verifications, or audit fees required for Squarespace sites.

We want to make website owners aware of an ongoing phishing scam that is actively targeting Squarespace users by impersonating legitimate Squarespace Partners, designers, and agencies.

This scam has escalated in volume and sophistication. We hear daily from people, including non-clients, who have received alarming emails about their Squarespace site.

How the scam operates

Attackers are sending emails designed to impersonate trusted Squarespace Partners or agencies. These messages often:

  • Use names similar to real agencies or individuals

  • Come from look-alike domains or free email accounts (such as Gmail)

  • Claim urgent action is required to avoid site suspension, restrictions, or loss of access

Common phrases reported include:

  • “Compliance setup”

  • “Compliance review”

  • “Squarespace compliance license key”

  • “License verification”

  • “Technical audit”

The emails may include copied logos, screenshots, signatures, or language designed to look official and credible.

These messages are not legitimate.

Squarespace has confirmed that:

  • There is no known security breach of its platform or partners

  • These emails are phishing attempts designed to extract payments, credentials, or access

What Squarespace and partners do not do

To be absolutely clear, neither Squarespace nor legitimate Squarespace Partners or agencies will do the following:

  • Squarespace does not conduct “compliance audits” or “internal reviews” of your site

  • Squarespace does not issue “compliance keys” or “license keys”

  • Squarespace does not ask users to reply “YES” to begin a process

  • Legitimate Squarespace Partners do not contact clients from free email addresses

  • Legitimate agencies do not initiate compliance, license, or audit requests on Squarespace’s behalf

  • Legitimate agencies do not ask for urgent payment or admin access via unsolicited email

If an email claims otherwise, it should be treated as fraudulent.
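
For anyone who filters mail for a team, the indicators described above can be combined into a first-pass triage check. This is an added example, not code from Squarespace or from the author of this page; the free-mail list, the trusted-domain list, the edit-distance threshold of 2, and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Phrases this page reports as common in the scam emails (matched as substrings).
LURE_PHRASES = ["compliance setup", "compliance review", "compliance license key",
                "license verification", "technical audit"]
# Assumption: a short sample of free-mail providers; the page names only Gmail.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}

# Constructed sample message; the sender domain is a made-up look-alike.
SAMPLE = """From: Example Studio <hello@examp1e-studio.test>
Subject: Squarespace compliance license key required

Your site will be suspended. Reply YES to begin the technical audit.
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw_email, trusted_domains):
    """Return the indicators from this page that the message matches."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Collect every non-container part so multipart mail is covered too.
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk() if not p.is_multipart()]
    body = b"\n".join(parts).decode("utf-8", "replace")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    hits = []
    if domain in FREE_MAIL:
        hits.append("free-mail sender")
    elif domain not in trusted_domains:
        # Close to, but not equal to, a domain you already trust.
        near = sorted(t for t in trusted_domains if edit_distance(domain, t) <= 2)
        if near:
            hits.append("look-alike of " + near[0])
    hits += ["phrase: " + p for p in LURE_PHRASES if p in text]
    if re.search(r"reply\s+\W{0,2}yes\b", text):
        hits.append("asks for a YES reply")
    return hits
```

An empty result does not mean a message is genuine; the direct verification step still applies.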

How to protect yourself

If you receive an email like this:

  1. Check the sender carefully. Look for subtle misspellings, extra characters, or incorrect domains.

  2. Do not reply, pay, or click links. Even responding can confirm your email address to scammers.

  3. Never share login credentials or grant site permissions. Squarespace will never request this via email.

  4. Enable two-factor authentication (2FA). Use 2FA on your Squarespace, email, and Google accounts.

  5. Verify directly. If an email references your website or designer, contact them using known, trusted contact details — not the information in the email.

  6. Report the message:

Our commitment

We take security and trust seriously. We use modern email authentication standards (SPF, DKIM, and DMARC) and do not conduct unsolicited audits, compliance checks, or payment requests via email.

If you ever receive a message that references your site and you’re unsure whether it’s legitimate, contact us directly. We’re happy to verify it with you.


This page is provided for general security awareness and does not constitute a guarantee against third-party fraud.