Ongoing Phishing Scam

updated March, 2026

In September, 2025, several clients shared suspicious emails that appeared to come from my business. It turns out that, over the past year, a coordinated scam has targeted thousands of website owners across several platforms, including Squarespace, Shopify, Showit, Wix, and others. The scammers impersonate a website designer and claim there is a problem with the domain, SSL certificate, or website security that requires urgent payment. These messages are designed to appear legitimate and create a sense of urgency.

From my own client base alone, nearly 100 contacts have been documented. At least six individuals have confirmed financial losses, and 16 different Gmail addresses have been used so far. In several cases, clients were directed to make payments through Fiverr or Upwork accounts. Often, my name (Sara, no “h”) is misspelled, or there is a space added in my business name (EngageTaste).

I have reported the activity to the FBI and the Internet Crime Complaint Center (IC3), and I continue to monitor the situation closely.

I will never email you asking for payment to “fix” a problem with your domain or website security.

You are Safe

The Squarespace platform itself has not been compromised. My own account has not been compromised, nor has yours. Your website remains secure unless you intentionally provide login credentials or grant site access to the impersonator. Do not share login information or grant access to anyone claiming to represent me unless you have confirmed the request directly with me.

If You Are Contacted

If you receive one of these messages, three steps can make a meaningful difference in helping stop the scam:

➊ File a complaint with the FBI’s Internet Crime Complaint Center (IC3): https://www.ic3.gov/Home/ComplaintChoice.

In your report, include as many of the following details as you have. Even partial information helps investigators connect cases.

  • Gmail addresses used

  • Names used (even if they used my name)

  • Upwork or Fiverr profile names or links

  • Square or Shopify payment links

  • Social media usernames or links

  • Bank account or payment account names shown on invoices

  • Screenshots or PDFs of messages or invoices

If you feel comfortable, send me a copy of what you submit. This helps me maintain accurate records as I continue working with platforms and investigators.

➋ Report each fraudulent Gmail address to Google: https://support.google.com/mail/contact/abuse

Google uses the volume of reports to prioritize takedowns, so every submission helps. You can also block it and mark it as spam in your email client.

Please make sure you are not reporting my legitimate email addresses.

➌ You can verify that you’re communicating directly with me through:

I’m also happy to jump on a quick Zoom call so you can see my smiling face. :)

Staying Informed

I occasionally share updates when new patterns or tactics appear. If you would like to receive those updates, you can subscribe to my occasional email here.

A Personal Note

I’m deeply grateful for your time, your help, and your ongoing trust in me and my work. My clients are everything to me.

I’ve met extraordinary people and partnered on some incredible projects over the years — you’re why I do what I do.

I’m deeply sorry that anyone connected with my work has been targeted, and I want you to know I’m doing everything I can to protect you and your business.

Fake Email Addresses Used So Far

info​.designengagetaste​@gmail​.com
hello​.engagetaste​@gmail​.com
sales​.engagetaste​@gmail​.com
hello​.saraengage​.taste​@gmail​.com
sara​.engagetastes​@gmail​.com
sara​.engagetaste​.com​@gmail​.com
contact​.engagetaste​@gmail​.com
engagetaste228​@gmail​.com
contact. engage​@gmail​.com
engagetaste​.com​@gmail​.com
inf​.engagetaste​@gmail​.com
contact​.engage​.tastes1​@gmail​.com
taste​.engagetaste​@gmail​.com
contact​.engagetastestudio​@gmail​.com
contact​.etsaragraham​@gmail​.com
sale​.engagetaste​@gmail​.com
compliance​.saragraham​@gmail​.com