Important: Squarespace phishing scam

Several web designers (including me 😠) have recently been targeted by phishing emails that impersonate us.

These messages pretend to be from me / Charlotte Duckworth Studio and claim your author website needs a ‘compliance audit,’ ‘urgent update,’ or ‘security review.’

📣 I want to be crystal clear:

These emails are not from me.

They're scams, spam, or phishing attempts.

They're currently sending from Gmail addresses or other fake domains that I don't own or manage, and the senders are not associated with my business in any way - even though they might use my photo in the email signature.

If the email feels off or doesn't sound like me... it's definitely not from me!

Squarespace is already aware of this impersonation issue — several designers have had their clients contacted with emails like these.

Squarespace's security team has investigated and confirmed that there is no evidence of any breach on their platform or with any third-party vendors or partners.

We believe these scammers are trawling web designer portfolios and reaching out to whoever they can find online via public information.

✅ What you should do if you get an email like this:

• Please report the sender's email address as phishing/spam inside your Gmail/Outlook/etc.

• Please ignore and delete any email claiming to be from me that is not sent from an address ending in @charlotteduckworthstudio.com

• Do not reply, click links, or agree to any audits/fees/updates

• Forward it to me so I can track and report it

Watch my FREE training on how to build your own author website →

💬 These scam emails typically claim things like:

1. I ‘worked on your website previously’ (true for many of you, which is why the scammer is using that angle)

2. Squarespace is doing ‘mandatory compliance reviews’ (they are not - there’s no such thing!)

3. Your site could lose access unless you respond (you will not!)

4. You should reply ‘YES’ so I can ‘start the audit’ (this is not how I do business!)

️⛔ None of that is real or legitimate.

Squarespace does not run audits like that, and I don't offer surprise compliance checks.

If you are an existing client and your site ever actually needed an update, I would contact you directly using my official email address. NEVER from a Gmail.

🛡️ You're safe — no action is needed.

If you do receive one of these emails, please be reassured that nothing is wrong with your website and nothing is required from you. The content of the email sounds technical and urgent in order to scare people into responding.

If you ever receive something suspicious (or just… weird), please feel free to forward it to me anytime.

Better safe than sorry, and I'd much rather confirm something is fake than have you second-guess it!

Thanks so much for taking a moment to read this.

Please stay safe out there - there are a lot of arseholes around and this kind of thing is sadly becoming more and more common.