Scammers sometimes send fake emails pretending to be from Change.org to steal personal information or spread malware. Here’s how to tell if an email is real or a scam.

1. Check the Sender’s Email Address
All official Change.org emails come from these domains:
 @change.org
 @m.change.org
 @f.change.org
 @a.change.org
 @t.change.org
 @e.change.org

🚨 Watch out for fake domains! Scammers may use similar-looking addresses, like:
change.org.mail.com (fake)
change-org-support.com (fake)
If an email comes from an unknown or suspicious address, don’t click on any links.

2. Be Careful with Links 
Scam emails often contain fake links that look real. Before clicking, hover over the link to see where it leads. If it doesn’t end in change.org, it’s likely a scam.

3. We’ll Never Ask for Sensitive Info 
Change.org will never ask for:
- Your password
- Bank details
- Credit card number
- Security answers
If an email asks for this information, it’s a scam.
*The only exception: If there’s an issue with your Change.org membership payment, we may ask you to update your details securely on our platform.

4. Be Wary of Email Attachments
Change.org rarely sends emails with attachments. If you receive an unexpected email with a file, don’t open it unless you’re sure it’s safe.

5. Look for Spelling & Grammar Mistakes
Official Change.org emails are carefully checked for errors. If an email has many spelling mistakes or bad grammar, it may be fake.
*A note on translations: Some automated emails in languages other than English may have minor translation errors. However, this doesn’t mean they’re phishing attempts.

What to Do If You’re Unsure
If you’re not sure whether an email is real, don’t click any links or open attachments. Instead, check with us directly through the Change.org Support Team.