⚠️ IMPORTANT: Phishing Scam Targeting Our Clients

If you're reading this, you may have received a suspicious email claiming to be from me or my business, Launch the Damn Thing®.

Or, if you're a fellow designer, your clients might be getting similar emails pretending to be from you.

I'm writing this post to:

1. Warn my clients about ongoing phishing attempts

2. Help fellow designers protect their own clients

3. Create a central place to track updates and share information

What's happening in this scam?

For my awesome clients: how to spot a fake email

❌ It's NOT from me if:

• The email address doesn't end in @launchthedamnthing.com — These scammers have used Gmail addresses like info.launchthedamnthing@gmail.com (note the Gmail domain)

• The email asks you to reply "YES" to proceed — I would never ask you to respond this way for services.

• It mentions urgent compliance deadlines or threats — Squarespace is not conducting mandatory audits that could suspend your website.

• Sending an Upwork or Fiverr link – I don’t use freelancer platforms, so these & other platforms like them will never be part of our booking process.

• It involves a phone call of any kind – I haven’t contacted my clients via phone in almost 10 years, and have no plans to start again.

• It looks/sounds/feels like a form letter – Only in very rare circumstances do I send the same email to a mass group of clients & when I do, it won’t look like the examples shared below.

• It's missing my identifiably charm & personality — If it doesn't sound like me, uses too few emojis/GIFs, or lacks exclamation points... it's probably not me! 😂

✅ It IS from me if:

• The email comes from an official @launchthedamnthing.com address.

• We've discussed the project via video call first — I almost always speak with clients via video before any money is exchanged, or you’ve booked the service yourself from emails to me, requesting help, or from my client portal.

• It sounds like me — Hopefully you know my voice and style by now! 🤞🏻

Can scammers fake my email address?

Short answer: They can try, but your email provider will usually catch it.

While it's technically possible for scammers to make an email appear to come from my real @launchthedamnthing.com address, most email providers (Gmail, Outlook, etc.) have security measures that flag these fake emails.

If you receive an email that looks like it's from me:

1. Check for warning banners — Gmail and Outlook usually show warnings like "This message may not be from who it claims to be" if something's suspicious

2. Look closely at the sender — Click on my name/email to see the full details and any security warnings

3. Trust your gut — If something feels off or urgent, it probably is

4. Verify through another channel you’ve used in the past — Message me through the portal, DM me on social media, or email me directly to confirm before taking any action

The golden rule: If you receive ANY email from me requesting payment, urgent action, or asking you to reply "YES" to proceed—even if it looks legitimate—please reach out to me through a separate channel (message, DM, or an email you initiate) to verify before doing anything.

Your email provider is working to protect you, but a quick double-check never hurts! 💛

Examples of real phishing emails reported to me

The content from those screenshots is pasted below into this dropdown accordion:

Email addresses used by scammers:

• info.launchthedamnthing@gmail.com

• hello.launchthedamnthing@gmail.com

Common subject lines:

• "Urgent Update Squarespace EAA/AAA/AAT Compliance Required by 2026"

• “Important: Review Needed to Keep Your Squarespace Site”

• “From Launch the damn thing: Important update for your Squarespace site”

Common claims made:

• "We previously collaborated on your Squarespace website"

• "Squarespace has recently begun conducting compliance reviews"

• "Sites that do not meet the updated standards risk restricted access or temporary suspension"

• References to European Accessibility Act (EAA), American Accessibility Act (AAA), and Australian Accessibility Terms (AAT)

• Deadlines like "February 12, 2026" or "June 20, 2026"

• "Simply reply 'YES' and I'll start the audit right away"

• Claims about being a "Squarespace Partner" or "Website Security Specialist"

What should you do if you receive one?

If you're my client:

1. Don't panic — Your website is fine. Nothing is wrong, and no action is required.

2. Don't reply, click links, or agree to any services — These are scams designed to steal money or access to your accounts

3. Report it as phishing/spam — Use your email provider's reporting feature:

   • For Gmail addresses: Report as phishing through Google

   • For other providers: Use your email client's spam/phishing report feature

4. Report it to Squarespace — Forward phishing emails to reportphishing@squarespace-security.com

5. Forward it to me — Send it to hi@launchthedamnthing.com so I can track patterns and add updates to this post

6. Delete it — Once reported, trash it

If you're unsure whether an email is legitimate:

Please reach out to me directly!

Send me a message in our client portal, DM on social media, a DM in my community if you’re a member, or forward the email to me. I'd much rather you double-check with me than fall for a scam. Even if you're not currently a client, please always feel free to verify!

Protect your account going forward:

While this scam does NOT involve a Squarespace breach, it's always a good time to review your security practices:

• Use strong, unique passwords — Squarespace's password security tips

• Enable two-factor authentication (2FA) — How to set up 2FA on Squarespace

• Review security best practices — Squarespace's complete security guide

• Learn to identify legitimate Squarespace emails — How to verify if an email is really from Squarespace

For my fellow designers: this could affect you too!

If you're a website designer reading this (especially if you work with Squarespace, but this scam is expanding to other platforms like Showit, etc), you may be targeted next.

What we know:

• Squarespace confirmed no breach — Their security team investigated and found no evidence of platform or vendor breaches

• Scammers are impersonating Circle partners — They're offering "critical website updates" for a fee and posing as designers who previously worked with the clients

• Scammers are likely using public information — They're probably going through designer portfolios and reaching out to clients they find via basic Google searches

• It's not just Squarespace anymore — Reports suggest Showit designers and other platform specialists are now being targeted too

• A LOT of other designers (& our clients) have already been affected — You're not alone if this is happening to you

• Squarespace is taking action — They're sending notifications to users with admin permissions, posting in their public forums, and discussing internal product changes to improve security

What you can do:

1. Warn your clients proactively — Don't wait until they get an email. Send a heads-up now.

2. Use my template — I've shared an email template below that you can adapt for your own clients

3. Document everything — Keep records of phishing attempts and report them to your platform's security team

4. Report to Squarespace — Forward any phishing emails to reportphishing@squarespace-security.com

5. Share this post — Help spread awareness in your designer communities

6. Report attempts in the UK to: reportfraud.police.uk

7. Monitor the official forums — Keep an eye on Squarespace’s Circle Forum thread announcements & updates:

   • this Squarespace's Circle Forum thread, Phishing email impersonating me

   • this official announcement thread in the forum: Update on ongoing scam affecting Circle Partner Clients

Email template for your clients

Feel free to copy, edit or adapt, and send this to your own clients. Let's protect each other!

🔄 Updates & new reports

I'll be updating this post as new phishing attempts are reported. If you receive a suspicious email you want to share, please:

• Comment below with details (you can share the sender's email address, subject line, or general content, but PLEASE do not include the recipient’s email address)

• Email or DM me directly at hi@launchthedamnthing.com

• Report it to Squarespace at reportphishing@squarespace-security.com (or other platforms, where applicable)

• Report it to your email provider as phishing/spam

Timeline of my own reports:

• October 10, 2025 — Squarespace sent official announcement to Circle partners about the scam

• November 30, 2025 — First report received from one of my clients

• Early December 2025 — Three more clients reported four separate emails & scammers began using client’s language in subject lines for my international clients

• December 2025 — Squarespace sent broader phishing warning to all customers

• February 11, 2026 — New attempt using references to Acts/laws in new scare tactics

🔗 Official Resources & Links

Report phishing:

• Squarespace Security Team: reportphishing@squarespace-security.com

• Report Gmail phishing: Google's phishing report guide

Squarespace official announcements:

• Circle Forum Discussion: Phishing email impersonating Circle partners

• Official Squarespace Update: Update on ongoing scam affecting Circle partner clients

Squarespace security resources:

• Security Best Practices: Squarespace security tips

• Strong Passwords Guide: Password security

• Two-Factor Authentication: How to enable 2FA

• Verify Squarespace Emails: Is this email really from Squarespace?