How to Spot Phishing
Quick checks to confirm you’re on the right site, recognize common red flags, and know exactly what to do if something looks off.
Last updated: June 12, 2025
Check the address bar
Only use https://workspaceml.com. Look for the padlock and https.
Verify the sender
Official emails come from @hoaus.org — not free mail services.
Payment safety
We never ask for card or bank details by phone or text. When in doubt, forward to verification@hoaus.org.
Quick Validator (email or URL)
Paste an email address or link to check if it matches our official domain.
Attachment Verifier (PDF)
We do send official PDFs (statements, notices). Use this quick check before opening anything you’re unsure about.
What this checks: correct PDF header, file type, and risky features (e.g., /JavaScript, /OpenAction, /Launch, embedded files). It does not upload or store your file.
Common Red Flags
Urgent payment demands
“Pay in 1 hour or we’ll add penalties.” We provide clear due dates and formal notices—never panic tactics.
Mismatched links
Hover before you click. If the link text says our domain but the real URL is different, don’t open it.
QR codes to unknown sites
Beware QR codes in emails or flyers. Our payment pages are only on hoaus.org.
Unexpected attachments
Legit files are .pdf only. Be suspicious of .zip, .exe, or .docm files.
If You Clicked or Shared Information
- Immediately change your HOA portal password and any reused passwords elsewhere.
- Enable multi-factor authentication (MFA) on your email and bank accounts.
- Contact your bank/card issuer if you entered payment details on an unknown site.
- Forward the suspicious message to verification@hoaus.org with the subject “Possible phishing.”
Remember: When in doubt, don’t click. Go directly to https://workspaceml.com or contact us to verify first.