Ongoing Scam Targeting Website Owners

updated March 6, 2026

Over the past year, a coordinated scam has been targeting thousands of website owners across several platforms, including Squarespace, Shopify, Showit, and others. The scammers impersonate a website designer and claim there is a problem with the domain, SSL certificate, or website security that requires urgent payment. These messages are designed to appear legitimate and create a sense of urgency.

I will never email you asking for payment to “fix” a problem with your domain or website security.

From my own client base alone, nearly 100 scam contacts have been documented. At least six individuals have confirmed financial losses, and 14 different Gmail addresses have been used so far in this activity. In several cases, clients were directed to make payments through Fiverr or Upwork accounts. Often, my name (Sara, no “h”) is misspelled, or there is a space added in my business name (EngageTaste).

I have reported the activity to the FBI and the Internet Crime Complaint Center (IC3), and I continue to monitor the situation closely.

If You Are Contacted

If you receive one of these messages, two steps can make a meaningful difference in helping stop the scam.

File a complaint with the FBI’s Internet Crime Complaint Center (IC3): https://www.ic3.gov/Home/ComplaintChoice.

In your report, include as many of the following details as you have. Even partial information helps investigators connect cases.

Gmail addresses used
Names used (even if they used my name)
Upwork or Fiverr profile names or links
Square or Shopify payment links
Social media usernames or links
Bank account or payment account names shown on invoices
Screenshots or PDFs of messages or invoices

If you feel comfortable, send me a copy of what you submit. This helps me maintain accurate records as I continue working with platforms and investigators.

Report each fraudulent Gmail address to Google: https://support.google.com/mail/contact/abuse

Google uses the volume of reports to prioritize takedowns, so every submission helps. You can also block it and mark it as spam in your email client.

Please make sure you are not reporting my legitimate email addresses.

You can verify that you’re communicating directly with me through:

Email: sara@engagetaste.com (primary business address) or engagetaste@gmail.com (used only for Google Drive)
Phone: 314-363-1899 (personal) or 314-441-5647 (business)

I’m also happy to jump on a quick Zoom call so you can see my smiling face. :)

Important Squarespace Update

In March 2026, Squarespace recently announced a platform change in response to a long-standing concern raised by designers.

Previously, certain Squarespace 7.1 sites included author profile details (such as a user’s name, website URL, bio, or profile image) within the page code. This information was not visible to visitors on the page itself, but it could appear in the site’s HTML when inspecting the code. While this behavior did not affect how websites functioned, it meant that designer profile information could appear in the page output. Squarespace has since reduced where this information appears. This change may remove one of the signals the impersonator could have used.

Staying Informed

I occasionally share updates when new patterns or tactics appear. If you would like to receive those updates, you can subscribe to my occasional email here.

A Personal Note

I’m deeply grateful for your time, your help, and your ongoing trust in me and my work. My clients are everything to me. I’ve met extraordinary people and partnered on some incredible projects over the years — you’re why I do what I do. I’m deeply sorry that anyone connected with my work has been targeted, and I want you to know I’m doing everything I can to protect you and your business.