There is a scam making the rounds right now that I think is worth talking about, because it is specifically designed to make you doubt yourself when you spot it.
Here is how it works. Someone makes a small, fraudulent charge on your credit card, maybe just a few dollars. But when you look at the charge, it shows the name and information of a real, legitimate business. So you think, “Well, maybe I did buy something there and forgot about it.” And that is exactly what they are counting on.
How the Scam Works
These scammers will use the name of a real business near you, or they will go so far as to register a small, similar-sounding business with an address nearby. They start with small test charges, a couple dollars here and a couple dollars there, to see if you notice. If you don’t, the charges get bigger.
And here is the really frustrating part. When you finally do notice and try to track down the business, you end up contacting the legitimate company. Of course, they have no idea what you are talking about, because the charges did not actually come from them. It is a fake name attached to a fraudulent operation.
If you have ever dealt with spam phone calls, this will sound familiar. Scammers “spoof” real phone numbers so that when you call back or try to block the number, you are just reaching some random innocent person or business. This is the credit card version of that same trick.
What You Should Do
If you spot a charge you do not recognize, here is what I would recommend:
Secure your account immediately. Contact your bank or credit card company and let them know about the suspicious charges. Lock your card if you can.
Report the charges to your bank. Do not worry about hurting the legitimate business whose name was used. The charges did not come from them. Your bank can investigate and track down the actual source of the fraud.
File a report with the police. This creates a record that helps law enforcement identify patterns and shut these operations down, especially if you report it quickly.
A Few More Things to Keep in Mind
The FCC and other federal agencies should really be building better systems to protect people from these kinds of scams and shut the fraudsters down. But until that happens, we have to look out for ourselves and each other.
Here are some good habits that can help:
Never trust anyone who calls you on the phone asking for verification codes. No legitimate business will do this. They may know a lot about you, your email, your name, your phone number, but this is easy to look up. Don’t fall for it.
If you get an email reporting a problem with your account and it includes a link, check where that link actually goes before you click it. If it does not take you directly to the official website of whoever supposedly sent the message, that is a big red flag.
Scammers are getting smarter and bolder, but you do not have to cooperate. If something feels off about a charge on your account, trust that feeling and report it. It is always better to be safe.
What This Means If You Run a Website
This is a good time to talk about why website security matters, especially if you are running an online store.
If you have a WooCommerce site, you are processing real transactions with real customer data. That means you need a secure website where you can clearly track every transaction that comes through. You should be able to see exactly what was purchased, when, and by whom. If something looks suspicious, you need to be able to identify it quickly and block bad actors from accessing your store.
A well-built WordPress site with proper security measures in place gives you that kind of visibility and control. Things like SSL certificates, two-factor authentication, regular updates, and proper user permissions are not just nice extras. They are essential. You want to make it as difficult as possible for someone to gain unauthorized access to your WooCommerce dashboard, your customer data, or your payment processing.
And here is something worth repeating, because the same tricks scammers use on your credit card, they use on website owners too. WordPress will never call you and ask for your website password or your two-factor authentication code. Your hosting company will not do that either. If someone contacts you claiming they need that information to “fix” or “verify” something on your site, that is a scam. Full stop.
Just like with the credit card scam we talked about above, the goal is to look legitimate enough that you let your guard down. Do not let them. If you get a call or email like that, hang up, close the email, and go directly to your hosting dashboard or WordPress admin on your own. Do not click their links. Do not give them your credentials.
Taking care of your website security is not so different from taking care of your personal finances. Stay alert, keep things locked down, and if something does not feel right, trust your instincts.
Dollars to Donuts, we bet that paper “bill” is not what you think.
We get calls about these all the time. A client receives something in the mail that looks like a bill for their domain registration. It has their domain name on it, an amount due, a payment deadline. It looks official, but is it? They ask us, is it a scam, and sometimes it is. Sometimes it is just an advertisement. Sometimes it is junk.
Most of the time, it is not a bill for something they want.
Now before you lawyer up, keep in mind that if we have not seen your “bill”, we can’t verify anything, but stay with us, we can walk you through how we assess these paper surprise invoices and mystery expenses.
Here’s the Thing About Domains and Hosting
You almost never get paper bills for this stuff. When you set up hosting or register a domain, you put a credit card on file. At most you get an email saying it renewed automatically, or occasionally asking you to update your payment method. That’s it. It doesn’t track for a digital business who offers online services to send you… paper. That would be as silly as them sending you a fax. It’s just silly, and very very unlikely.
So when a paper notice shows up asking for $$$ for your domain, your hosting, or your website listing, that should feel strange. Because it is strange.
A Real Example
A client recently sent us one of these letters. It’s from a company called “Domain Listings” and it looks very much like an invoice to them. There’s a domain name, a service period, a total amount, a payment slip at the bottom.
But if you read the print, buried in a paragraph, it says: “We are not a domain registrar, and we do not register or renew domain names.” A little further down: “THIS IS NOT A BILL.”
They put that in there because legally they most likely have to. But they designed the whole thing a certain way, and our clients call us and say they think it looks like a bill. Is it a bill? Maybe. Is it a bill for a service you want or need? Probably not, but you can decide that for yourself once you know what it is for and what it is not for.
What are they actually selling? Well in the one we received from our client to review for them, it appeared to be listing in some internet directory for $288 a year. Did he want that? Well, after understanding what it was, no he didn’t. And he was frustrated with having to take the time to figure that out. He said, “I hate theses stupid scams!” and that is how a lot of people feel.
So why do these get sent out if you don’t owe anything? Well, we can only speculate of course, but these companies would not keep mailing these out if people weren’t paying them. That’s the frustrating part. Are these people paying because they think they owe the money? Are they paying because they wanted an unsolicited service? Possibly. Is it a scam? Well, that is complicated. They do seem to be offering a service. If someone wants that service and they receive it after paying well, who are we to judge, but if you pay for something because you don’t understand it and you get something you don’t want, well that is another thing.
How to Protect Yourself
If you get a paper notice about your domain or hosting, don’t panic and read it carefully. If you get an email, don’t click the link in the message, go to the source and keep excellent records.
Instead:
Keep a record of where your domain is registered and where your hosting lives. When something comes in, check your records. Go directly to the website by typing the address yourself. Log in and make sure everything looks right.
If you’re not sure, give us a call. We’re happy to look at whatever you received and tell you if we think it’s legitimate or not. There’s no charge for that. We’d rather spend five minutes on the phone than watch you lose $288 to something you didn’t need or want.
The Short Version
Paper bills for domains are almost always worth looking at with a skeptical eye. Keep records of your actual services. Go directly to your registrar or host to verify anything. And when in doubt, ask someone you trust.
Save yourself the headache.
What to Do When Your Meta Business Page Gets Hacked (And Why Prevention Is the Real Answer)
We recently helped a client recover their Facebook Business Page after it was compromised. It was a multi-day process involving notarized documents, multiple support tickets, and a lot of patience. We got it back. But the experience reinforced something we already knew: the best time to secure your account is before anything goes wrong. Quick disclaimer, we don’t represent META or any of its many divisions or associates, we just know what we have seen, what was successful for us and what fail miserably. We also acknowledge that these systems and any observations we make about them are purely speculative and are little more than anecdotal, meaning we are not giving you advice, just sharing our story. Your mileage can, and absolutely will very. Proceed with caution.
This post walks through what happened, what we did, and what you can do to protect yourself, maybe.
What Happened
An admin on the client’s Facebook Page had their personal account compromised. Before that account was disabled, bad actors used the access to add themselves to the Business Portfolio and the Page itself. They added fraudulent admin accounts, removed the legitimate owners, and started running scam ads using the client’s payment methods.
The first sign of trouble was an email notification that an unfamiliar person had joined the Business Portfolio. By the time the client saw it, the damage was done. They had changed the name of the business page, created content on the compromised personal page that got it banned and started running scam ads on the business page. They added several different accounts to the business portfolio page and removed all access.
The attack was acute and executed quickly like a well oiled machine going through a process I can only assume has been done many time before. Everything happened within an hour and it was done late at night so the client wasn’t even aware anything had happened until the next morning.
The Recovery Process
We have recovered pages from hackers before. We have done this work privately for clients ranging from small nonprofits to Fortune 500 companies. It is not a service we offer publicly due to the risk and complexity involved. We only take on cases where we can verify ownership and where the account history shows strict compliance with Meta’s community standards. We also only work with assets with a minimum followership and a minimum previous platform investment due to the risk involved in the recovery process. Associating with banned assets an banned accounts in itself can be a risk factor and we can not guarantee success. All of that said, we know you are looking for solutions if you have read this far, let us walk you through what has worked for us and why. Just because might not be able or willing to recover your page, we are more than happy to help you try it on your own. But take heart, this is a task for the tenacious and patient.
Here is what the process looked like:
Step one: Stop the financial bleeding. The hackers were running ads on the client’s payment method. We advised the client to contact their bank immediately, block charges from Meta, and request a new card number. This is urgent. Do not wait for Meta to fix things before protecting your finances. META is actually really great about catching unusual spending and will likely disable the account quickly and require verification of payment before continuing, but there is no reason to wait. Secure any financial account you have attached to the compromised assets.
Step two: Document everything. We gathered page IDs, ad account numbers, Business Portfolio IDs, screenshots of the fraudulent admins as they were noted in the email notice when it was received, and evidence of ownership including business licenses and website records. This is a great time to show proof of you business ownership with notarized records and a copy of your ID. Also, before you submit your request clear your calendar. This is now your only focus for the next 12 hours because once you hit submit you are on call until the issue is resolved. We talk about this more in step three, but suffice to say, once you open a ticket, you are on the golden path, don’t step off the path because it can sometimes be your only opportunity to set this right.
Where do I find the Facebook Support Page?
Go to your Meta Business Suite and click on Help. Find a link to the Business Help Center page. This link can change so Google it or hunt for it in the help dashboard. Follow links like “Get Support” and look for your account overview. If you see a prompt, like “How can we help?” and it askes for “asset IDs” to get help you are in the right place!
Step three: Submit a support request. We went through Meta Business Suite to access the help and support tools. Here is where it gets tricky, you might not have access to this. Not all accounts have access to this level of communication and we call these accounts that do have this level of access, concierge accounts. If you do not have a concierge level account you may need to reach out to a trusted friend or a pro to help you get access to the secure META support portal. We don’t have any facts about who gets access and who doesn’t but what we have seen is concierge access level accounts tend to be owners of several pages which have a significant regular ad spend or other investment in the platform and have a pristine record. What is a pristine record? No community violations, and if you are not familiar with what these are you can read all about it. We wont share a link here because it often changes, but Google it and it should come right up. If you make it past this first hurtle, that is the most significant step to success. Keep in mind, that once you are in the chat, you are now on the right path, if you have a case number that is great, write it down and dont close the chat window!
Why can’t I close the chat window?
The support chat is not listed in your normal chat list. If you close it and you don’t know where to find it again, you may not be able to find it again!
What do I say when I first open my META support ticket? What should I upload?
If you have the opportunity to upload proof, this is your most essential opportunity to share everything they are going to need. Don’t blow it on a cellphone shot of your stolen page, write a report of exactly what happened, give evidence, show proof of ownership and provide pertinent details without any fluff. Keep it in an outline format and make it a PDF or a high resolution image. They will need all the ID numbers you can provide, one for your page, one for your ad account and one for your business portfolio. You should already have these, but if you don’t you can hunt them down using forensic data recovery techniques.
Step four: Be clear, brief, and persistent and give them all the information up front. Every message we sent was structured the same way: a short explanation of the problem, a numbered list of exactly what we needed Meta to do, and all the relevant reference numbers as well as proof of ownership. No life stories. No emotional appeals. Just facts and specific requests. The first few responses can feel generic and unhelpful but this is part of the process, you are on the right track, stay calm, be polite, and don’t fail to respond. Meta’s automated systems kept asking us to verify payment, which we could not safely do while hackers still had full control of the account. That is OK, they have to work through a process of elimination, starting with the basics and then escalating, sometime 3-4 or more times. Hang in there.
Step five: Escalate when necessary. We moved through several layers of support. AI responses, lower-level support staff, and eventually a specialist. Each time we were asked for more information, we responded within the hour. This process took days. Sometimes a request would come though after 4 hours sometimes after 2 days and you only have a short amount of time to respond or your chat request for more information of to make a confirmation. If you fail to respond in the time frame they need, they could close and resolve the case, which could add a new layer of complication, the cold period. We don’t really understand the cold period, but accounts that have a recently closed or resolved case can sometimes have difficulty opening anew case. For example, you submit a case, but you don’t respond in time to a request for more information or for a confirmation and so you try to open a new case, but when you try to submit your case, nothing. The page just opens a blank chat window. We don’t know if this a system issue or a dark pattern designed to reduce abuse of the support ticket services, but either way, once you have a case open and access to a chat window, don’t close the window and reply to every request IMMEDIATLY until your case is resolved.
My personal account was banned, how do I get support?
The hard answer is, banned personal accounts are some of the hardest accounts to recover. One, if your account is banned you have no way to access the recovery tools you need. This puts you at the mercy of a friend who can ask on your behalf, but that friend then opens themself up to risk if your account has community violations
Step six: Provide notarized proof of ownership. In the end, what unlocked the recovery was a notarized document signed by the business owner confirming their identity and ownership of the page. Meta’s security team used that to verify the claim and restore access to the business page an to the business accounts.
The Catch-22 You Might Encounter
Meta’s support process can create frustrating loops. In our case, they asked us to verify a payment method before they would help. But we could not safely add payment information while unauthorized users still had full control. It would put us at risk of letting the bad actors remove us again and keep access to our ad service with freshly verified financial details. Not ideal. We hung on, and kept giving our data and our request, and after 48 hours we were restored.
We had to explain this clearly and repeatedly. Eventually, someone understood and escalated the case appropriately. But it took persistence.
Why Your Facebook Account Might Not Have Access to the Tools You Need
Here is the uncomfortable truth: not all accounts have access to the same level of support. We don’t know why but from what we have seen Meta’s concierge services are generally available to accounts with significant ad spend and a clean history. If you have never run ads or if your account has had policy violations, you may not have access to the support channels that can actually resolve these issues. The service as far as we know doesn’t have public information on who gets what but this is what we have seen. So if you find yourself in need of help, look for someone with these kinds of accounts to help you.
Can my local social media manager or website developer help me recover a hacked Facebook page?
Maybe, but not likely. This is a niche service with a hefty price tag starting at a minimum of $10,000 so your local tech savvy marketing team is not going to have the skills or the tools to navigate this kind of thing. They might, but it is very unlikely. Look for a media team that manages a minimum of 6 figures a year in META media ads. These tend to be the kind of teams that can dedicate themselves to handling hacked Facebook page recovery. We do provide this service, but we only accept a few clients at this level per year and it comes as part of a long term high level maintenance service contract.
Here is where we ask you kindly not to “shoot the messager.” This is not a system we have any control over. We work with what is available. For clients who do have access to these tools, we might be able to help navigate the process but we can not access you accounts if we have never had access to them before the incident. For those who do not, the options are more limited and in some cases, essential nothing. Follow the hacked page form protocol. Follow all the requirements, which might feel invasive, things like requiring a face scan are not uncommon. Have an account name that matches a legal name that you can verify with ID. Get verified.
What You Should Do Right Now (Before Your Business Page Gets Hacked)
The best cure is prevention. Here is what we recommend:
Secure your personal Facebook account. The Business Portfolio is only as secure as the personal accounts that have admin access. If one admin gets compromised, the whole page is at risk.
Enable two-factor authentication everywhere. Turn on 2FA for your personal Facebook account, your Business Portfolio, and your email. Consider using an authenticator app instead of SMS codes. Some authenticator apps include biometric confirmation, which is much harder to compromise remotely.
Require 2FA for your Business Portfolio. In your Business Portfolio settings, you can require all admins to have 2FA enabled. Turn this on.
Audit your admin list regularly. Remove anyone who no longer needs access. Make sure all current admins are active, responsive, and have secured accounts.
Never share your 2FA codes. No legitimate service will ever ask you to share a code via a link or third-party app. If something asks for your code outside of the official Facebook login flow, it is a scam.
Secure your email. If your email gets compromised, your 2FA can be bypassed through password resets. Add 2FA to your email account as well.
Document your account details now. Write down your Page ID, Ad Account ID, Business Portfolio ID, and the email addresses of all legitimate admins. Store this somewhere safe. If you ever get locked out, you will need this information to prove ownership and you will not be able to access it from inside the account.
Hire a Pro. Hire a team like us to document everything for you, audit your current security risks and maintain us on all of your accounts so we can catch issues quickly and know exactly how to respond as soon as an issue happens. We can’t guarantee it wont happen but we can help make sure it is less likely and we can help you recover it when possible using all the records we will create to make sure you have the data you need instantly should something happen. We know time is money and preparation is everything!
If It Happens Anyway – Hacked Facebook Pages Happen to Anyone
Even the most careful people can get tricked. Social engineering is sophisticated. If you lose access to your page, here is what to do (maybe):
Contact your bank and block any payment methods connected to the ad account.
Go to Meta Business Suite and navigate to the help and support section.
Submit a detailed report with all relevant account IDs and a clear description of what happened.
Be prepared to provide proof of ownership, potentially including notarized documents.
Respond quickly to any follow-up from Meta. Delays can reset your place in the queue.
Be patient. This process can take days, weeks, or even months.
And keep in mind: recovering the page does not always mean you are safe. In some cases, bad actors will still “own” the page through the Business Portfolio. They can wait quietly and remove you again later, or wait until you add new payment information and then run fraudulent ads on your account. If you have a security break, secure EVERYTHING. Secure emails and phones and check for unauthorized or unusual apps on your phone. Use an authenticator and lock everything down. Once your accounts have been breached it’s a good time to update all of your passwords especially if you use the same ones! (That is a big no-no!)
A Final Note
There is no step-by-step guide that works for every situation. Meta’s systems change constantly, and different accounts have access to different tools. What worked for us may not work exactly the same way for you.
But the fundamentals remain the same: secure your accounts before something goes wrong, document everything, and if something does happen, be clear and persistent in your communications with support.
Good luck out there. And go check your 2FA settings today.
Post Image Key: 1. Help, 2. META Business Suite, 3. Active cases you may have open, 4. Settings, 5. Search for the page or assets you need to fix – don’t reach out under the wrong account asset! 6. This may look like a place to start a case but it is just a feed back form. It’s great for providing feedback but is not likely to open a case which is the key to recovering your hacked Facebook page.
Don’t Fall for This (not a real) Red Bull Job Scam: How to Spot and Avoid Phishing Employment Fraud
A fake job offer landed in my inbox yesterday, and it’s a perfect example of how scammers are preying on desperate jobseekers. Here’s what you need to know to protect yourself.
The job market is brutal right now. With layoffs hitting every industry and competition fiercer than ever, jobseekers are more vulnerable to scams than they’ve been in years. Scammers know this, and they’re exploiting people’s desperation with increasingly sophisticated fake job offers.
Yesterday, I received this email that perfectly demonstrates how these scams work:
Hi Designweb,
It’s a great time to join Red Bull. We’re actively building teams across functions, and we believe your experience could be highly relevant. Rather than place you into a predefined role, we’d like to explore possibilities directly with you.
Use the link below to set up a short chat: https://www.redbull.com@rebrand.ly/join-redbull-for-career-growth-and-opportunities
For your convenience and data security, we use Facebook login to confirm identity, reduce duplication, and automatically fill required fields.
I’m here to support if needed.
Best regards,Joanne – Red Bull Careers
This might look legitimate at first glance, but it’s packed with red flags that scream “SCAM.”
The Red Flags That Give This Scam Away
1. The Malicious URL Structure
The biggest giveaway is that suspicious link: redbull.com@rebrand.ly/join-redbull-for-career-growth-and-opportunities
Real corporate websites don’t work this way. This URL structure means:
The actual destination is rebrand.ly (a URL shortener)
The redbull.com@ part is just window dressing to fool you
Clicking this link takes you wherever the scammer wants—definitely not Red Bull’s website
Legitimate Red Bull career pages would be hosted directly on redbull.com, like careers.redbull.com or redbull.com/careers.
2. The Facebook Login Trap
The email claims they use “Facebook login to confirm identity, reduce duplication, and automatically fill required fields” for your “convenience and data security.”
This is complete nonsense. Legitimate employers:
Don’t require social media logins for job applications
Use their own secure application systems
Never ask for access to your personal social media accounts
This Facebook login request is designed to steal your credentials and give scammers access to your entire social network.
3. Vague, Too-Good-To-Be-True Language
Notice how the email is deliberately vague:
No specific job title or department mentioned
No requirements or qualifications listed
No mention of how they found my contact information
Promises of special treatment: “Rather than place you into a predefined role, we’d like to explore possibilities directly with you”
Real recruiters are specific about roles, requirements, and why they’re contacting you.
4. Missing Legal Requirements
Here’s something most people don’t know: under the CAN-SPAM Act, commercial emails must include the sender’s physical address and clear unsubscribe options. This email has neither—a dead giveaway that it’s not from a legitimate company.
5. Generic Greeting and Poor Targeting
“Hi Designweb” which not only isn’t our business name, (It’s Designweb Louisville) it’s not even a name at all, which suggests this is a mass email sent to thousands of people using junk data they scrapped from the internet. A real Red Bull recruiter would use your actual name and reference specific skills or experience that caught their attention.
What These Scammers Are Really After
Job scammers aren’t just looking for quick money—they’re after something much more valuable: your personal information and digital identity.
Immediate Goals:
Steal your Facebook login credentials
Access your social media profiles and contacts
Harvest personal information (name, email, phone, work history)
Gain access to other connected accounts
Long-term Exploitation:
Identity theft using your personal data
Target your friends and family with similar scams
Sell your information to other criminal networks
Use your professional information to create fake profiles
Secondary Scams: Once they have your information, expect follow-up scams like fake background check fees, equipment purchases, or “training” costs.
How to Protect Yourself from Job Scams
Before You Click Anything
Verify Independently:
Go directly to the company’s official website
Search for the recruiter’s name on LinkedIn
Call the company’s main number to verify the opportunity
Check the company’s careers page for similar openings
Analyze the Email:
Look for specific job details and requirements
Check if your name is used (not just your email handle)
Verify that links go to official company domains
Look for proper corporate contact information
Red Flags That Should Make You Stop
Unsolicited job offers that seem too good to be true
Requests for social media logins or passwords
Vague job descriptions with no specific requirements
Immediate job offers without an application or interview process
Requests for personal information upfront (SSN, bank details, etc.)
Poor grammar, spelling, or unprofessional language
Missing company contact information or legal disclaimers
Safe Job Search Practices
Stick to Legitimate Channels:
Apply through official company websites
Use reputable job boards (LinkedIn, Indeed, company career pages)
Work with established recruiting agencies
Attend job fairs and networking events
Protect Your Information:
Never provide SSN, bank details, or passwords in initial communications
Be cautious about sharing too much personal information on public profiles
Use a separate email for job applications if possible
Trust your instincts—if something feels off, it probably is
The Bottom Line
The current job market has created a perfect storm for employment scams. Desperate jobseekers are more likely to overlook red flags, and scammers are taking full advantage.
Remember: legitimate employers don’t need your Facebook password, won’t ask you to pay for training or equipment, and will always provide clear contact information and detailed job descriptions.
When your job hunting, desperation can cloud your judgment. Take a step back, verify everything independently, and remember that if an opportunity seems too good to be true, it probably is. Also, don’t feel bad if you do fall for a scam. Even the best and brightest can sometimes fall prey to clever tricks. Identity theft is a multi-billion dollar industry, with recent data showing that annual losses in the United States alone amount to tens of billions of dollars. The crime continues to grow in scale and sophistication, affecting millions of individuals and businesses. So as embarrassing as it may feel to fall victim to these kinds of messages, you are not alone.
Stay safe out there, and don’t let scammers profit from your career ambitions. If you do get tripped up, be sure to take additional measured to secure your personal or private information and accounts. You can even protect yourself in advance by using two-factor authentication and possibly using a credit freeze to block thieves from opening new accounts in your name, should your information become compromised.
Google Domains to Squarespace Migration: What You Need to Know
If you’ve received an email about your domain being migrated from Google Domains to Squarespace, you’re not alone. It is very likely a legitimate transition affecting millions of domain owners worldwide, and not likely to be a phishing attempt. Although there are bad actors out there who may use this situation to their advantage, fortunately there are things you can do to ensure your account and domain remain safe and under your control. Let’s explore what happened, what it means for you, and how to verify everything is in order.
Did you get a message like this?
We recently migrated your domains to Squarespace.
To activate your account, choose the Google log in option using ******@***.***, to log in to Squarespace.
Once your account is activated, you can update your billing and privacy settings, manage domain records, add email and domain forwarding rules, and more. Learn more in our help center. Manage your domain ******.*** →
Manage this domain, and all other Squarespace managed domains, by logging in. We’re glad to have you at Squarespace Domains, and our award-winning Customer Support team is available 24/7 to help with any questions.
We’re contacting you at the email address associated with your domain registration. As a reminder, Squarespace’s Terms of Service apply to your domains, and your data is governed by Squarespace’s Privacy Policy.
You have received this mandatory email service announcement to update you about important changes to Squarespace.
The Timeline: How We Got Here
In June 2023, Google announced their decision to sell Google Domains to Squarespace. The acquisition officially closed on September 7, 2023, at which point all Google Domains users technically became Squarespace customers, though the actual migration of domains happened gradually.
Between September 2023 and July 2024, Squarespace worked on migrating domains in batches from Google’s systems to their own. According to Google’s official support documentation, this migration process was completed on July 10, 2024, with all domains now fully transferred to Squarespace’s management system.
What Does This Mean For Domain Owners?
If you previously registered or managed domains through Google Domains, here’s what you need to know:
Your domain is still active: The migration doesn’t affect your domain’s registration status or expiration date. All the time remaining on your registration has been preserved.
Account access has changed: You’ll now manage your domain through Squarespace Domains rather than Google Domains. When your domain migrated, you should have received a notification email.
DNS configuration remains intact: Your website, email, and other services connected to your domain should continue working as before. Squarespace maintains the same DNS infrastructure (powered by Google Cloud DNS) to ensure continuity.
Pricing commitment: Squarespace initially committed to honoring Google Domains pricing for at least 12 months after the acquisition closed (until September 7, 2024). After this period, domains renew at Squarespace’s standard rates.
No website requirement: You do not need to create or maintain a Squarespace website to keep your domain registration. Squarespace Domains functions as an independent domain registrar service.
How to Verify Your Migration is Legitimate
If you receive an email claiming your domain has migrated from Google to Squarespace, here’s how to safely verify its legitimacy:
Check the official Google Domains site: Visit domains.google.com. If your domain has been migrated, you’ll see a message indicating it was moved to Squarespace with the migration date.
Log in with your Google credentials only when you have verified you are on an official page: Squarespace created accounts using the same email associated with your Google Domains account. You can use this email to access your domains at account.squarespace.com/domains.
What To Do Now
Access your Squarespace Domains account: Log in using the email address previously associated with your Google Domains account. If you already had a Squarespace account with that email, your domains will appear in your domains dashboard.
Update payment information if needed: Ensure your billing information is current in your Squarespace account to prevent renewal issues.
Check domain settings: While DNS configurations should have transferred intact, it’s wise to verify that everything is working properly, especially if you use email forwarding or other special configurations.
Note the new pricing: Check Squarespace’s domain pricing for future renewals, as rates may differ from what you paid at Google Domains.
Need Help?
If you encounter issues with your migrated domain, Squarespace is now your point of contact for support. You can access their help resources at support.squarespace.com or through your Squarespace Domains account.
While any large-scale transition like this can cause temporary confusion or technical hiccups, most domain owners should experience minimal disruption from this change. By understanding what’s happened and verifying your account access, you can ensure your online presence remains secure and uninterrupted.
What Is SSL and Why You Must Have It
Author: Christopher Oldman
In the modern world, online security should be on the list of everyone’s top priorities. No matter if you’re simply browsing the web or looking to make a purchase, you need to make sure that your sessions are safe.
This is particularly true if you’re running an online business. Nowadays, having a website that’s not properly secured won’t do you any good. That’s why any responsible business owner needs to make sure they secure their business website.
Proper security measures won’t only help you attract and retain customers, but they will also help build up your online reputation. The more trustworthy your business appears, the more appealing it will be to your audience.
So, if you don’t already have proper security measures in place, it’s high time you look into securing your website with an SSL certificate.
SSL stands for Secure Sockets Layer and it is a digital certificate that enables an encrypted connection. In simpler terms, SSL is a security protocol that helps create an encrypted link between the web server and the web browser.
Businesses that add this type of security protocol to their website will ensure that any type of transaction happening on their website stays entirely safe. This includes any type of transaction, customer information and any other piece of sensitive data.
Naturally, the safer your internet connection is, the less likely any type of information transfer will be to fall victim to misuse and manipulation.
Your website visitors can easily see whether or not your website is secured by an SSL certificate by looking for a padlock icon next to the URL in the address bar.
Another way you can ensure that the website is secure is by looking for the letter s in the URL. The websites that feature this layer of security will have https in their URL instead of a simple http.
It’s also worth noting that the version of an SSL protocol that’s currently being used is actually named Transport Layer Security (TLS) but almost everyone still refers to it as SSL – the original name of this type of protocol.
How do SSL certificates work?
As we’ve mentioned earlier, SSL helps protect the privacy and security of any data transferred between two parties – usually a website user and a website or two systems. Thanks to the encryption algorithms that scramble data while it’s in transit, these types of connections are entirely safe from any potential security breach.
That being said, here’s how the entire process looks like:
A browser or server makes an attempt to connect to a website or web server that’s secured with SSL.
A browser or server makes a request to the web server to identify itself.
As a response, the web server sends a copy of its SSL certificate to provide identification.
The browser or server then checks the validity of the SSL and in case it determines it to be trustworthy, it sends a signal back to the web server.
The web server then provides a digitally signed approval to start an encrypted SSL session.
Data shared between the browser or server and the web server is encrypted to prevent any misuse.
Even though this may sound like a lengthy process, it actually takes mere milliseconds.
The professionals at a reputable nyc web design company understand the importance of having proper security systems in place, which is why they ensure that every website they help create features an SSL certificate.
Why do you need an SSL certificate?
We’ve noted previously that websites need SSL certificates to help keep any data transferred safe. However, that’s not the only reason why websites choose to implement these certificates.
Aside from general security, websites also need SSL certificates to prove ownership of the website, as well as prevent any security breaches.
Moreover, having SSL certificates in place will also help build and improve trust with users, which is certainly something every business should be aiming at.
Think of it this way: If you expect your website visitors to provide their personal and sensitive data, you must make sure you create an environment where they’ll feel safe to do so. Otherwise, you run the risk of your website visitors simply bouncing off to another website that offers this additional layer of security.
Apart from helping build trust with users, an SSL certificate will also help you improve your online reputation and visibility. Google and other search engines prefer secure websites over the ones that are not.
So, what this means is that having an SSL certificate in place will also help you with your SEO, bringing more exposure and visibility to your website.
That’s why it’s safe to say that securing your website with SSL will help you:
Build trust with your audience
Provide a more secure environment
Reach better search engine ranking and visibility
Boost your online reputation
Make your website more appealing to a general audience
There are six main types of SSL certificates that focus on different validation levels and they include:
Extended Validation certificates (EV SSL)
Extended Validation certificates (EV SSL) are most commonly used for high-profile websites that involve online payments and are the most expensive type of SSL certificates.
When installed, EV SSL will display a padlock, https, the name of the business and the country in the address bar. This way, the website that features this type of certificate is easily distinguishable from fake and malicious sites.
2. Organization Validated certificates (OV SSL)
Organization Validated certificates (OV SSL) are quite similar to the EV SSL, as, in order to obtain it, the owner of the website will need to go through a thorough validation process.
These certificates are the second most expensive type of SSL certificates and they are mostly used for commercial and public-facing websites.
3. Domain Validated certificates (DV SSL)
Since the validation process that’s necessary to obtain the Domain Validated certificate (DV SSL) is minimal, they offer minimal encryption and – thus – lower assurance. This type of SSL certificate is most commonly used for informational websites and blogs.
In other words, they are a perfect fit for any website that doesn’t involve any data collection or money transfer. As such, DV SSL is easy to obtain and is also one of the most affordable types of SSL certificates.
4. Wildcard SSL certificates
Wildcard SSL certificates are a great choice if you have to secure numerous sub-domains, aside from your base domain, on a single certificate. Needless to say, this is far more affordable than obtaining a specific SSL certificate for each of your sub-domains individually.
5. Multi-Domain SSL certificates (MDC)
A Multi-Domain SSL certificate (MDC) is used to secure numerous domain and subdomain names. As such, it can be used to secure domains and subdomains with Top-Level Domains (TLD).
However, since MDC doesn’t support sub-domains by default, if you wish to include them in the certificate as well, you’ll need to specify it when obtaining the MDC.
6. Unified Communications Certificates (UCC)
Unified Communications Certificates (UCC) are similar to Multi-Domain certificates. With this type of certificate, website owners can easily secure multiple domain names on a single certificate.
Naturally, it’s always advised to familiarize yourself with different types of certificates in order to be able to make the best choice for your website specifically.
SSL certificates are obtained from Certificate Authority (CA). The cost of an SSL certificate can range from hundreds of dollars to absolutely free, depending on the type and level of security you’re aiming to get.
When you determine the type of certificate you need, start looking for Certificate Issuers that offer that specific type of certificate.
Once you obtain the certificate, you will need to configure it on your web host. This can be either the server you host your own website on or the web host you’ve chosen when creating your website.
Keep in mind that the time necessary for obtaining the certificate will vary depending on the type of certificate, the validation process and the level of security you require.
How to ensure your online sessions are safe?
When required to submit any type of sensitive data online, you should do so only with websites that feature an EV or an OV certificate, as these provide the highest level of security.
Next, look for the website’s Privacy Policy section to see how your data will be treated. Trustworthy websites will be transparent about this, so if the website you’re browsing is not – better terminate your session to avoid any potential inconveniences.
Additionally, you should also browse the website for physical address or any other type of contact information, which are also considered good trust indicators, aside from the SSL certificate.
Finally, make sure you stay aware of various phishing scams as you can easily fall victim to them if you’re not careful enough.
To sum up
Every website owner that wants to attract a large audience and boost the visibility of their website should obtain an SSL certificate.
This will create a safe environment for their visitors which will not only encourage them to stay on the website longer, but will also make them more likely to take the desired steps towards conversion.
Since online security is so important in this day and age, not taking the necessary steps to secure your website simply doesn’t make sense.
Author’s Bio
Christopher is a Digital Marketing specialist, Project Manager and Editor at Find Digital Agency and a passionate blogger. He is a dedicated and experienced author who pays particular attention to quality research and details. Focused on new web tech trends and digital voice distribution across different channels, he starts the day scrolling his digest on new digital trends while sipping a cup of coffee. In his free time Christopher plays drums and Magic: the Gathering.
Top 3 Low-Code App Makers Disrupting the Industry
Author: Romy Toma-Catauta
It seems like something is disrupting the technology industry every other week with little to no effect. However, the low code platform industry is truly disrupting the technology sector by creating a more level playing field thus distributing technical prowess through no longer requiring it at all. This also leads to an increased need for cyber security companies that will prevent security attacks from happening or at least make the right decisions as quickly as possible.
In short, these low code platforms grant developers of any skill level the ability to create engaging apps without the barriers related to traditional development. GameMaker is one such platform that utilizes drag-and-drop low code solutions to make code game creation that much simpler. Companies who are looking to hire such specialists should take into consideration LinkedIn lead generation services that will help them find the right candidate faster.
In totality, it stands as a comprehensive tool that allows game developers to create games quickly with its built-in tools. Within the app, developers can quickly build levels and add mechanics with a few simple clicks of the mouse.
1. GameMaker
There are plenty of game creation applications out there for every kind of developer. Retro game lovers can make 16-bit games with RPGMaker, Candy Crush lovers can create their own popping puzzle games with in-browser app creation tools. Or, some write their code in HTML, C++, Java, or Python line by line.
Premier tools like Unity and Unreal help developers create premier-grade games with cutting-edge industry tech. But working with their visual programming is quite cumbersome.
GameMaker is no-code like RPGMaker and Buildbox, but is available for free. Additionally, GameMaker can be used to create interactive apps, not just gaming experiences.
2. Google App Maker
Google App Maker is a great platform for those looking to optimize their business applications. Unlike Zoho Maker, a long-time no-code favorite, Google App Maker is a remarkably inexpensive option. If you rely on Google services like Gmail, Google Drive, and Google Cloud Platform, then Google App Maker is a wonderful choice for your business app.
Google App Maker, Microsoft PowerApps, and other apps have made it possible to create AI-enabled enterprise apps without an entire development team. Truly, tech is becoming a more universal endeavor for large organizations to the individual developer and there will be more hybrid cloud solutions soon.
3. Bubble.io
Bubble.io is a fairly new option as a no-code app maker and app hosting service. With just some understanding of logic and some basic database experience, you can dive right into creating web and mobile apps through Bubble.io’s in-browser app creator.
In addition to allowing you to create apps through their low-code platform, they host your application on their servers. They can point traffic to your custom domain as well so it’s a perfect white-label solution for those looking to create a reliable and robust application.
Bubble.io is available for a low monthly fee. Breaking into app development has never been so easy or practical. We’re sure to see more companies adopting low-code platforms and more innovation within the no-code development space.
Developing in this environment also makes it much simpler to collaborate and onboard new developers as the engines come with a standard toolkit. Eliminating the need for several specialists reduces costs and speeds up development without sacrificing quality or complexity. GameMaker is also available for free and can be used to develop interactive experiences of any kind.
Google AppMaker, on the other hand, focuses on the business side of development and relates more to a platform like PowerApps which also focuses on business apps. The primary difference, however, is that Google AppMaker uses the entire library of Google technologies and makes them available to every developer. This platform is essentially no code and uses a complex system of stacked APIs to grant developers as many tools as possible to create the specific app they need without the technical barrier.
Additionally, the Google development platform is predominantly accessible around the world allowing for a true convergence of talent for your product. The power of Google’s technologies coupled with the openness of the platform provides development teams the ability to make great apps without being limited by technological prowess. Most importantly, Google’s platform is low cost and incredibly efficient making it one of the best doubloons for development.
Can My Business Survive a Cyberattack Today?
Author: Lexie Lu
Could your company survive a cyberattack? Small businesses may be particularly at risk because the cost of battling a hacking incident may exceed their budgets. Executives may be brilliant at building new companies and reaching out to leads, but lack a bit of IT knowledge. Without the full-time technical staff a larger operation has, they are also quite vulnerable to an attack.
Around 43% of cyberattacks are against small businesses. Hackers have different intentions. One is to knock you offline by overwhelming your system, and the other is to gain access to sensitive data, such as credit card numbers or customer contact info. Either way, you need to take steps now to protect your business and your patrons.
Six basic steps will ensure you can withstand a cyberattack. Some of these protect data and your website, while others prepare you for a breach even when you’ve done everything you can to avoid one.
1. Invest in Cloud-Based Computing
Going with a cloud service gives you the same security measures more prominent companies use. Smaller brands can’t afford expensive software or security teams on their own. However, you can use a company that has these systems in place and store your essential files on their servers. Switching to the cloud improved safety for about 94% of business owners.
A cloud-based system also allows your staff to access files from anywhere, so you’ll need to decide if you want to enable remote access or not. There are some additional security measures you’ll need to take and training your employees will need to complete if you choose to access files off-site.
2. Avoid Ransomware
In some attacks, hackers take over your computer and demand money to release it. Attacks such as WannaCry target outdated software on your system — particularly Microsoft. To avoid someone taking over your computers and either stealing the files on them or locking them up, complete all updates immediately. You may want to set your system to update each night automatically.
If you are the victim of ransomware, never give the hackers money. It only encourages more attacks in the future. Instead, work with a digital security expert to restore your files and secure your computers. There is almost always something you can do to get the malware off your computer without rewarding criminals for bad behavior.
3. Choose a VPN
There are two aspects to virtual private networks (VPN you can utilize to protect your business. First, shared hosting is a cheap way to get your business website online, but it comes with problems you may not want. Not only can a hacker take out an account and attack you on the backend, but you may also find there is a drag at times, and your site doesn’t perform as well as you’d like. A VPN gives you several advantages without costing as much as a dedicated server.
Another aspect of VPNs is that you can use one for online browsing. Since most companies keep a database of dangerous sites, you’ll get a notification to avoid potential hazards. Emails will be encrypted, and the network will prevent you from stumbling onto a website you shouldn’t and inadvertently downloading malware.
4. Backup Daily
If you aren’t already backing up your data daily, you need to implement a plan. Companies such as iDrive and DropBox allow you to automate backups from your systems. If you wind up with a ransomware attack, you would merely return to the nearest point before the attack, for example. If your system crashes and you lose everything, the information is stored. Pay attention to the security on the site you hire to back up your files.
Some companies also use an external hard drive, but it’s important to have files stored in a separate location in case of a natural disaster. A cloud-based system is your best choice for backing up off-site, but that shouldn’t be the only place you keep files. The remote server could also crash, so never make one source your only file backup.
5. Train Employees
One of the ways hackers gain access to information is by tricking people into sharing logins or sensitive information. Thieves are quite savvy and will send an email that looks like it is from a reputable company or even the person’s manager. Conduct regular internet safety awareness training so your employees know what information they can and can’t share, as well as how to recognize a phishing email.
6. Plan for the Worst
Create a plan for what you’ll do if you are the victim of a cyberattack. Let’s say the worst happens, and sensitive information leaks out. You are required by regulations in some areas to inform your customers and let them know what you’ve done to fix the issue. Yes, people are going to be angry, so the faster you can rectify the problem and reassure them, the better you’ll mitigate the damage.
Never try to cover up a hacking situation where sensitive information was compromised. Immediately inform those affected so people can take measures to protect their credit card numbers or credit.
Protect Your Business
Keeping your business safe from the nefarious intentions of others should be one of your top priorities. When you make digital security a vital part of your routine, you’ll reduce the chances of losing money due to an attack. Take the steps needed to guard your assets, and you’ll have one less worry in running your business.
Author’s Bio:
Lexie is a digital nomad and web designer. When she’s not traveling to various parts of the country, you can find her at the local flea markets or hiking with her goldendoodle. Check out her design blog, Design Roast, and connect with her on Twitter @lexieludesigner.
Cybercrime is an ongoing threat since 2018. You might think that the only form of cybercrime you will ever experience is hackers trying to get into your account and stealing all personal information. But it’s not that simple. Over the last few years, cybercrime has dramatically increased in number, with a variety of cyber attacks and threats like malware, phishing, ransomware, and a lot more. What you need to know is this: there are far more concerns than just stealing basic information.
Organizations should be concerned about this most. Most – if not all – companies consider information as one of their most valuable assets; hence, losing this information and mishandling it over to the wrong hands can severely paralyze the entire organization.
Thankfully, you can prevent cybercrime. Well, not entirely. But you can at least take precautions to help protect your most valuable assets. As starters, you may want to get the most secure VPN out there to eliminate or at least limit the chances of risk. Not sure how this can help? Here’s how VPNs can protect users against cyber attacks:
VPNs Come With Detectors
Good VPN services always come with a malicious website detector. Basically, this is a database with all the illegal websites created by online predators that bring danger to a user’s privacy, security, and even reputation. Having a VPN allows you to go on such websites, but also be immediately notified about it and how it can paralyze your network.
It Keeps Your Browsing Session Secure
It is challenging to keep your browser safe just by using a regular browser’s safety features. Hackers can still get into it and steal your login information and other crucial data. So this is exactly why you need a VPN. Activating a private connection through a VPN service enables you to protect all your online data transactions and keep hackers away from spreading viruses, malicious content, and stealing your data.
It Encrypts Data And Comes With A Firewall
VPNs conceal and protect data in such a way that even if hackers get a hold of it, it will be almost impossible to decode and steal your information. It also comes with a firewall that will significantly help protect you from different kinds of cyber threats and attacks. More than anything, it prevents malicious software and online predators from accessing your device without permission and taking full control over it.
It Prevents Spam Emails That Lead To Phishing Websites
A lot of users today get lured to phishing websites because of many things. One of the most common ways hackers can do this is by sending suspicious emails with clickable links leading to illegitimate sites that eventually phish for personal information. Fortunately, VPNs prevent this from happening simply because a private connection won’t allow hijackers to track your email or IP address and send you emails that contain phishing links, viruses, or malware.
It Builds A Stronger Data Protection System
Hackers will do everything that it takes to penetrate your system and steal all crucial information. But, with a VPN put into action, users will be able to establish more reliable data protection systems, protecting not just the server, but the entire network connection as well. Even before intruders can launch an attack on your server, they would first have to get through your heavily-encrypted VPN connection, which is quite impossible to do.
Wrapping Up
There you have it, a quick guide as to how VPNs can protect you against cyber attacks. Gone are the days of having to worry or stress about not getting enough privacy and security online. This is the age of a more secure Internet access. All that’s left for you to do is download the most suitable VPN service for you.
Author’s Bio:
Edwin Deponte is a motivational writer who loves to travel around the world. Also a digital nomad, he finds it hard to access the world wide web on countries with strict Internet censorship; hence, he studied the ins and outs of VPN connections. Having been hooked to this, he continues to write about the topic to help users and other digital nomads worldwide that experience the same problems.
