I got a suspicious email — is it from you?
Phishing is a major problem in the business-services space. Scammers send emails impersonating FormationHub, the IRS, state Secretaries of State, and FinCEN to try to steal personal info, login credentials, or money.
If you got an email that feels off — don't click anything. Read this article first.
What FormationHub emails ACTUALLY look like
Sender
Always from one of these domains: - [email protected] (most automated emails) - [email protected] (when a human is replying) - [email protected] (payment-related) - [email protected] (security alerts only)
NOT from: - ❌ @formation-hub.com (with a dash) - ❌ @formationhub.co (.co instead of .com) - ❌ @formationhub-llc.com, @formationhubpro.com, @formationhub.support - ❌ @gmail.com, @outlook.com, or any free email service
Check the email address shown in the From field, not just the display name. Scammers can set a display name to "FormationHub Support" while the actual email is [email protected].
Links
Real FormationHub links go to: - https://www.formationhub.com/... - https://help.formationhub.com/...
Hover over any link in an email (don't click) to see the actual URL. If it's not on one of those domains, it's not from us.
Common phishing URL tricks: - formationhub.com.suspicious-domain.io — looks like formationhub.com but actually goes to suspicious-domain.io - formation-hub.com — single character difference - Shortened URLs (bit.ly/...) hiding the real destination - Internationalized domains using look-alike characters
Content style
Real FormationHub emails: - ✅ Address you by name (because we have your name) - ✅ Reference a specific filing, order, or business - ✅ Use professional grammar (typos rare but possible) - ✅ Have clear unsubscribe links (for marketing emails) or no marketing CTAs (for transactional) - ✅ Never ask for sensitive info (SSN, EIN value, full credit card)
Phishing emails often: - ❌ Use generic greetings ("Dear Customer") - ❌ Reference vague urgency ("Your account will be suspended in 24 hours!") - ❌ Ask for sensitive info via reply or form - ❌ Have typos, broken English, or weird formatting - ❌ Use too many ALL-CAPS or !!! exclamation marks
What FormationHub will NEVER ask for
❌ Your SSN via email
❌ Your EIN value via email (we never put your EIN in email content; only deep-links to your portal)
❌ Your password (we don't know it; only its hash)
❌ Your full credit card number (handled entirely by our payment processor; we only see last 4)
❌ Wire transfers to an "alternate payment account"
❌ Bitcoin / crypto payments
❌ Gift cards as payment
If an email claiming to be from us asks for any of these: it's phishing. Report it.
Common phishing patterns we've seen
"Verify your EIN to avoid penalties"
Variations: "Confirm your EIN", "Update your EIN registration", "Re-verify your business EIN."
We never need you to verify or update your EIN — the IRS issues it, we don't.
"Your LLC will be administratively dissolved"
Real state dissolution notices come from the Secretary of State (paper mail to your Registered Agent), not from @formationhub-warning.com.
"Annual report fee due — pay now"
Real annual report reminders come from us with a portal link, OR from the state via mail. They never demand payment via Western Union, gift cards, or crypto.
"FinCEN BOI compliance verification"
FinCEN does NOT email businesses to "verify" BOI status. They might contact you by mail if there's an issue with a specific filing.
"Your account has been compromised — reset password here"
If you get this and didn't request a password reset, someone tried to access your account. The link in the email is usually fake. To safely reset, go directly to https://www.formationhub.com/auth/forgot-password.
"Your filing was rejected, click here to fix"
Real rejection notices include the specific reason from the state. They link to your member portal, not to an external "fix-it" form.
How to verify if an email is real
Quick check
Look at the From address (full address, not display name)
Hover over any link without clicking — does it go to
formationhub.com?Does it reference your specific business name and filing ID?
Does it ask for sensitive info? (If yes, fake.)
If still unsure
Don't click anything in the email.
Sign in to your portal directly: https://www.formationhub.com/member
Check if there's a matching action item or alert in your portal
If yes, the email is probably real; you can act on the portal version safely
If no, the email is probably phishing
Definitive check
Forward the suspicious email to [email protected]. We'll respond within 1 business hour during business hours confirming whether it's real.
What to do if you fell for a phishing email
You clicked a link but didn't enter info
Probably fine. The link likely tried to install browser tracking or download malware.
Run a malware scan on your device (Malwarebytes free tier is fine).
Don't click anything else in that email.
You entered your FormationHub password
Immediately: go to https://www.formationhub.com/member/settings/security and change your password
Enable 2FA if not already
Email [email protected] — we'll check our logs for any unauthorized access
Monitor your account for the next 30 days
You entered your bank account or credit card info
Call your bank IMMEDIATELY (don't wait until morning)
Report the card as compromised; they'll issue a new one
File a complaint with the FTC: https://reportfraud.ftc.gov
Email [email protected] so we can warn other customers
You sent money via wire / gift card / crypto
Try to cancel the wire immediately with your bank (only works within hours)
Gift cards / crypto: usually unrecoverable, but file a police report and FTC complaint
The faster you report, the better the chance of recovery
Reporting phishing
Always report when you see one:
Suspected phishing pretending to be FormationHub: forward to [email protected]
Suspected IRS scam: forward to [email protected]
Suspected state SOS scam: contact your state's consumer protection office
Bank/payment fraud: call your bank + file at https://reportfraud.ftc.gov
Reporting helps us: 1. Take down impersonator domains (we work with hosting providers) 2. Warn other customers via a banner in their portal 3. File reports with the FBI's IC3 (Internet Crime Complaint Center)
What we do to prevent phishing
SPF + DKIM + DMARC on every email we send (so receiving mail servers can verify it's really us)
Branded sender domain consistency (no email aliases, no third-party senders)
No external email senders mimicking our infrastructure
Domain monitoring for newly-registered look-alike domains (we file takedowns within 24 hours)
Customer security education (like this article)
Next steps
Bookmark this article — phishing patterns evolve, but our domain stays the same
Enable 2FA: Setting up 2FA
Forward any suspicious email to [email protected]
When in doubt, sign in to your portal directly — never via email links