Important Security Notice: Phishing Emails Targeting Hot Lizard Designs Clients

Written By Kati McKeon

Recently, Squarespace alerted its Circle members to a sophisticated phishing scam. Some clients are being targeted by individuals posing as legitimate web design professionals—often impersonating the exact designer who originally built their website.

Unfortunately, this scam has reached several of our own clients here at Hot Lizard Designs. We have received reports of fraudulent emails using my business name and logo, but sent from unauthorized addresses like contact.hotlizarddesigns@gmail.com or kati.hotlizarddesign@gmail.com.

Please be aware: Our official domain is @hotlizarddesigns.com. Any email coming from a Gmail address or a variation of our name is not from me.

What’s Happening

Scammers are sending professional-looking emails that claim to be from "Hot Lizard Designs." These messages often use urgent language to trick you into clicking links or replying. Common tactics include:

  • Compliance & Technical Verification: Claims that your site requires a "License Key verification" or "Squarespace compliance review" to prevent it from being taken offline.

  • Urgent Audits: Asking you to reply “YES” to authorize a website audit.

  • Data Protection Gaps: Warnings that your site has "gaps" in GDPR or CCPA alignment that require immediate (and often paid) intervention.

These scammers are even using the Hot Lizard Designs logo and professional signatures to appear authentic. One client recently reported a reply from someone named "Sean"—please note that I do not have a staff member by that name.

The Facts

  • Squarespace has confirmed this is a phishing scam. * There is no such thing as a "Compliance License Key" required for your site.

  • Squarespace handles all core security updates as part of your hosting fees.

  • My domain, website, and Squarespace access have NOT been compromised. Your site and data remain secure.

How to Stay Safe

Here’s how you can protect your website and personal information:

  1. Check the Sender Address: Genuine emails from me will always come from an address ending in @hotlizarddesigns.com.

  2. Look for the Signature: Official correspondence will include my standard Hot Lizard Designs email signature.

  3. Don’t Be Rushed: Never share login credentials or make payments based on an unsolicited "urgent" request.

  4. Enable 2FA: I highly recommend enabling two-factor authentication (2FA) for your Squarespace and Google accounts.

  5. Verify Directly: If you receive a suspicious email, do not click any links or reply. Instead, forward it to me at kati@hotlizarddesigns.com or contact me via my website so I can confirm it for you.

What to Do If Targeted

If you receive one of these emails, please report it as phishing through your email provider (e.g., Gmail) and then block the sender. This helps prevent further nuisance emails from reaching your inbox.

Current Security Status

Please be assured that our internal systems, domain, and Squarespace access have not been compromised. These scammers are simply "spoofing" our brand using publicly available information. Your website and data remain fully secure.

We are committed to the security of our clients’ online presence. If you ever have a question regarding a notice you’ve received, please reach out directly for verification.

Kati McKeon https://hotlizarddesigns.com
Next

A Student Made My Day — and Didn't Even Know It