Recognize phishing emails
Table of Contents
Scammers sometimes send fake emails pretending to be from Change.org to steal personal information or spread malware. This article explains how to identify legitimate Change.org emails and protect yourself from phishing attempts.
How to Identify Legitimate Change.org Emails
Check the Sender's Email Address
All official Change.org emails come from these domains:
● @change.org
● @m.change.org
● @f.change.org
● @a.change.org
● @t.change.org
● @e.change.org
Scammers may use similar-looking addresses that are fake, such as:
● change.org.mail.com (fake)
● change-org-support.com (fake)
If an email comes from an unknown or suspicious address, do not click on any links or open attachments.
Verify Links Before Clicking
Scam emails often contain fake links that look real. Before clicking any link in an email, hover your mouse over it to see where it actually leads. If the destination URL does not end in change.org, it is likely a scam.
Recognize What Change.org Never Asks For
Change.org will never ask you for:
● Your password
● Bank details
● Credit card number
● Security question answers
If an email requests this information, it is a scam.
The only exception: If there is an issue with your Change.org membership payment, Change.org may ask you to update your payment details securely through the platform at Account Settings. You will never be asked to provide payment information via email reply.
Be Cautious with Email Attachments
Change.org rarely sends emails with attachments. If you receive an unexpected email with a file attachment, do not open it unless you are certain it is safe.
Look for Spelling and Grammar Mistakes
Official Change.org emails are carefully checked for errors. If an email contains many spelling mistakes or poor grammar, it may be fake.
Note on translations: Some automated emails in languages other than English may have minor translation errors. However, this does not mean they are phishing attempts.
What to Do If You Receive a Suspicious Email
If you are not sure whether an email is real:
- Do not click any links in the email
- Do not open any attachments
- Do not reply with personal information
- Contact the Change.org Support Team directly to verify if the email is legitimate
When contacting Change.org support, include:
● The sender's email address
● The subject line of the email
● A brief description of what the email is asking for
Frequently Asked Questions
What if I didn't request a password reset but got an email about it?
If you receive a password reset email from Change.org that you did not request, someone likely entered your email address by mistake when trying to reset their password. You can safely ignore the email. Your password will not change unless you manually complete the password reset process by clicking the link and creating a new password. If you receive multiple such password reset emails that you didn’t request, please contact support.
What should I do if I already clicked a link in a phishing email?
If you clicked a link in a suspicious email:
- Change your Change.org password immediately at Account Settings
- Check your account activity for any unauthorized actions
- If you provided payment information, contact your bank or credit card company
- Contact the Change.org Support Team to report the incident