Someone Is Pretending to Be Your Web Designer — Here Is How the Scam Works


Your phone buzzes. A client texts you: “Hey, did you send me an email about a website update?”

You didn’t.

That’s how this started for me. A fraudster created a fake email address designed to look like mine. They scraped the internet for websites I had built. They found the client’s contact information from those sites. Then they sent a carefully written email, pretending to be me, offering website services. The link at the end would have stolen credit card information and likely installed malware.

This post is a real account of what happened. My goal is simple. I want you to know this scam exists, how it works step by step, and what you need to do right now.

Key Takeaways

  • Scammers create Gmail addresses that mimic legitimate business emails
  • They scrape the web to find your clients using your own website footer credit
  • The scam runs in three stages: outreach, fake audit, and then a purchase link
  • The purchase link leads to an unbranded third-party store, which is a major red flag
  • Most clients who received the fake email said nothing. Only one spoke up.
  • Any business with an online presence can be impersonated this way
  • Silence from your clients is not safety. Communication is your best protection.

How This Scam Actually Works

This is a three-stage email scam targeting small business clients. The fraudster impersonates a trusted service provider, builds fake credibility over two follow-up emails, then sends a payment link to a fraudulent store.

Here is the full sequence, broken down exactly as it happened.

Stage One: The Warm Outreach Email

The scammer sent an email that opened with “This is Mark, your Certified Partner.” It referenced past work together. It offered a website refresh with better design, stronger SEO, and updated content. The tone was friendly and professional. The signature used my name, my photo, and my business name, Premium Websites, Inc.

Nothing in that first email screamed fraud. That was the point.

The fake email address was constructed like this:

dottypremiumwebsites.net@gmail.com

Notice what they did. They took my name, added my domain, and put it all in front of @gmail.com. At a quick glance, especially on a mobile screen, it can look legitimate. Slow down and read it carefully, and the Gmail giveaway is right there.


Stage Two: The Fake Website Audit

When a client responded, the scammer sent a follow-up. It included a screenshot of the client’s actual website alongside a fake performance score. It listed four specific problems found:

  • Homepage design issues
  • Content and SEO weaknesses
  • Navigation problems
  • Mobile speed concerns

This is a classic trust-building move. Showing someone their own website makes the scam feel personal and well-researched. It creates urgency. The client thinks, “They clearly know my site. This must be real.”

It is not real. These audits are fabricated. The performance scores are screenshots designed to look credible.


Stage Three: The Pricing Offer and Payment Link

After the fake audit, the scammer sent a pricing email. Two packages were offered:

| Package | Original Price | Discounted Price | Timeline |
|---|---|---|---|
| Basic | $350 | $315 | 3-5 business days |
| Premium | $550 | $495 | 5-7 business days |

A 10% “returning client discount” was applied to both. This detail matters. It mimics how a real, relationship-based business operates. It felt familiar. It felt earned.

The payment link went to a Shopify-style store. The product was called “Website Enhancement.” The store had no branding whatsoever associated with Premium Websites, Inc. That was a mistake on the scammer’s part. A branded impersonation would have been far more convincing. Still, someone in a hurry, or someone who already trusts the email chain, might not notice.

Had anyone purchased, the scammer would have had their credit card details. The “instant download” attached to the product almost certainly contained malware.


The Email That Started It All

The scammer found my clients through a common web design practice: the “built by” footer credit.

Many web designers, including myself, include a small line at the bottom of client websites. Something like: “Website by Premium Websites, Inc.” It is a standard professional credit. It also happens to be a public, indexed, searchable link back to a designer’s full body of work.

The scammer used that. They searched for my footer credit, found the websites I had built, and scraped the contact information listed on those sites. Every client with a contact page was a potential target.

This is not a flaw unique to me. Any web designer, marketing agency, or freelancer who uses footer credits is creating a publicly accessible client list. Scammers know this. They use it.

Why Small Business Owners Are the Target

Small business owners are targeted because they often work closely with one or two trusted service providers. That relationship is the weapon.

When an email arrives referencing past work, using familiar language, and including a real photo and business name, people believe it. There is no reason not to. The email looks like it came from someone they already paid and said yes to before.

The scammer is not guessing. They know the relationship existed because the website is proof. They are exploiting trust that someone else already built.

Did you know: The FBI’s Internet Crime Complaint Center reported that Business Email Compromise costs US victims over $2.9 billion in a single year. Small businesses account for a significant portion of those losses, and the average victim never recovers the funds. The scam works so well because it feels personal, not random.

Your Business Could Be Impersonated Too

This is the part I want every small business owner and solopreneur to sit with.

You do not have to be a web designer for this to happen to you. Any business with an online presence, a client base, and a recognizable name can be impersonated.

Here is how easy it is:

  1. A scammer finds your business name and website
  2. They create a Gmail address using your business name
  3. They search for your clients online through your portfolio, testimonials, social media tags, or directory listings
  4. They send emails pretending to be you, offering services your clients would expect from you

The scammer who targeted my clients likely created a unique fake email address for my business. If they are running this at scale, and they almost certainly are, they are creating individual fake addresses for every business they impersonate. Each one is crafted to look like it belongs to that specific person.

Your clients trust you. That trust is exactly what gets used against them.

The team at Premium Websites, Inc. has seen firsthand how damaging this kind of impersonation can be. Not just financially, but in terms of the confusion and doubt it creates between a business and its clients.

The Silence Problem: Why Most Clients Said Nothing

This might be the most important section in this entire post.

After discovering what happened, I sent an email to all of my clients. I included a screenshot of the fraudulent message and asked them to let me know if they had received it.

The response was eye-opening.

Many clients confirmed they had received the exact same email. Most said they deleted it and moved on. A few responded to the first email and only realized something was wrong when the follow-up arrived with the fake website audit. Only one client reached out to me directly when it happened.

Only one.

That is not a criticism of my clients. It is human behavior. People are busy. Deleting a suspicious email feels like handling it. What they do not realize is that their silence leaves the business owner completely in the dark.

Here is why that matters:

  • You cannot warn other clients if you do not know it is happening
  • You cannot report it to the authorities without knowing the scope
  • You cannot correct the damage to your reputation if clients quietly assume you were somehow involved

If you receive an email that seems off, from anyone you do business with, tell them. One message. One text. That is all it takes to stop something like this from spreading further.

What the Fraudster Was Really After

The obvious goal was money. The $315 or $495 payment would have gone directly to the scammer, not toward any actual work.

The less obvious goal was access.

The “instant download” attached to the fake Shopify product almost certainly contained malicious software. Once downloaded and opened, that file could have done any number of things. It could log keystrokes, steal stored passwords, open a backdoor into the victim’s computer, or capture financial data over time.

This is a two-layer scam:

  1. Layer one: Steal credit card details at checkout
  2. Layer two: Install software that enables ongoing theft long after the purchase

The payment is almost secondary. The download is the real prize.

How to Protect Yourself and Your Clients

Whether you are a business owner worried about being impersonated or a client trying to spot a fake email, the steps are the same.

For Business Owners

  • Send a proactive email to your clients explaining that scammers may impersonate you. Do it now, before anything happens.
  • Ask clients to verify directly with you before paying anyone claiming to be you or your team.
  • Set up a Google Alert for your business name so you are notified when it appears in new places online.
  • Add a note to your website explaining your official contact information and email domain.
  • If you use footer credits, be aware that your client list is partially public. That is not a reason to remove credits. It is a reason to communicate regularly with your clients.

For Clients and Small Business Owners

  • Check the sender’s full email address, not just the display name. A Gmail address for an established business is a red flag.
  • Never pay for services through a link sent in an unsolicited email. Always go directly to the business website to make payments.
  • Do not download files from unexpected emails, even if the sender seems familiar.
  • If something feels off, ask. A quick text or phone call to your actual contact confirms everything instantly.
  • Report suspicious emails to your provider and to the FTC at reportfraud.ftc.gov.
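
The full-address check from the list above, applied to the address pattern shown in Stage One, as an added example that is not part of the original post. The function and constant names are hypothetical, the trusted domain premiumwebsites.net is inferred from the fake address quoted earlier, and the display name and legitimate address are constructed samples.

```python
import re
from email.utils import parseaddr

# Assumption: a short illustrative list of free webmail domains; extend as needed.
FREE_MAIL = {"gmail.com", "googlemail.com", "outlook.com", "hotmail.com", "yahoo.com"}

def _squash(text):
    """Lowercase and keep only letters and digits, so 'a.b-c' compares as 'abc'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def check_sender(from_header, trusted_domain, known_names=()):
    """Return red-flag strings for one From header.

    trusted_domain: the provider's real mail domain (supplied by the caller).
    known_names: display names the provider really uses (supplied by the caller).
    """
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return ["unparseable sender address"]
    trusted = trusted_domain.lower()
    if domain == trusted or domain.endswith("." + trusted):
        return []  # address is on the real domain; this does not prove authenticity
    flags = []
    if domain in FREE_MAIL:
        flags.append("free webmail domain: " + domain)
    local_sq = _squash(local)
    brand = _squash(trusted.rsplit(".", 1)[0])  # e.g. "premiumwebsites"
    if _squash(trusted) in local_sq:
        flags.append("trusted domain embedded in local part")
    elif brand in local_sq:
        flags.append("brand name embedded in local part")
    if display and any(_squash(display) == _squash(n) for n in known_names):
        flags.append("known display name on an untrusted address")
    return flags

if __name__ == "__main__":
    # The fake address is the one quoted in the post; the display name and the
    # legitimate address below are constructed samples.
    samples = [
        '"Premium Websites, Inc." <dottypremiumwebsites.net@gmail.com>',
        "info@premiumwebsites.net",
    ]
    for header in samples:
        print(header, "->", check_sender(header, "premiumwebsites.net",
                                         ["Premium Websites, Inc."]))
```

Because the comparison strips dots and punctuation, variants of the same trick that add or move separators in the local part are flagged as well.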

Red Flags Side by Side

| Legitimate Email from Your Designer | Scam Email Red Flags |
|---|---|
| Sent from your designer’s actual domain | Sent from a Gmail or free email address |
| References specific project details you both know | Vague references to “past work together” |
| Links to the designer’s own website for payment | Links to an unrelated third-party store |
| No pressure or urgency | Creates urgency to act quickly |
| Consistent branding throughout | Mismatched or absent branding on payment page |

Key Takeaways

Scams like this work because they are built on real trust. The relationship was genuine. The website was real. The history was real. Only the email was fake.

The best defense is open communication between businesses and their clients, and between clients and the businesses they work with. Silence, even well-meaning silence, is what lets these scams spread.

If you work with Premium Websites, Inc., know this: all official communication comes from our verified business domain. If you ever receive something that looks like it is from us but feels off, reach out directly. We would always rather get a quick check-in than have a client get hurt.

If you run any kind of small business, talk to your clients. Tell them what your emails look like, where you send payment links from, and what you will never ask them to do via email. That one conversation could protect both of you.

FAQ

What is email impersonation, and how does it work?

Email impersonation is when a scammer creates an address that appears to belong to a real, trusted person or business. They typically use free email services like Gmail and create addresses using the target’s name, business name, or domain. The goal is to make the recipient believe they are communicating with someone they already know. The scammer then uses that assumed trust to request money, personal information, or to get the recipient to click a link or download a file.

How did the scammer find my contact information?

In this case, the scammer scraped contact information from websites that listed a “built by” footer credit. Those websites had publicly visible contact pages with email addresses and phone numbers. This is a common tactic. Scammers search for portfolio pages, testimonials, and directory listings to build targeted contact lists. If your business is listed online in any capacity, your contact information is potentially accessible.

Is my business at risk of being impersonated this way?

Yes. Any business with a public online presence can be impersonated. The scammer creates a fake email address specific to each business they target. They then look for that business’s clients through public-facing content: testimonials, social media tags, portfolio pages, or any place clients are mentioned or linked. You do not need to be large or well-known. You just need to be findable.

What should I do if I receive a suspicious email from someone I know?

Do not reply to the suspicious email directly. Replying continues communication with the scammer. Contact the person through a completely separate channel: a phone call, a text to a number you already have saved, or an email to an address you have used before. Tell them what you received. Even if it turns out to be real, a quick check costs nothing. If it is a scam, you may be the one person who stops it from spreading.

Why didn’t more clients report the suspicious email?

Most people who receive a suspicious email delete it and move on. It feels resolved. What they do not consider is that the business being impersonated has no idea it is happening. In this situation, many clients confirmed receiving the scam email only after being contacted. Only one of them reached out first. People assume someone else will report it, or they do not want to bother the business owner over something they already handled. That one message could make a real difference.

What could the “instant download” in the scam have done to my computer?

Downloads attached to scam purchases are typically malware. Common outcomes include keyloggers that record everything you type, ransomware that locks your files until you pay, or remote access tools that let a scammer control your computer from anywhere. You would often not know anything had happened until the damage was done. Never download files from a purchase you did not seek out through a verified source.

The post Someone Is Pretending to Be Your Web Designer — Here Is How the Scam Works appeared first on Premium Websites, Inc.


