Our top priority is keeping you and your information safe while allowing you to fully leverage our platform. Cybersecurity threats are on the rise, with phishing attacks becoming more sophisticated by the day. Bad actors may target you by pretending to be an Upwork representative. If you receive an email from us, follow the steps below to make sure it’s legitimate.

Verifying emails from Upwork

We occasionally send you emails with notifications, surveys, and updates to your account, so it’s important that you can identify legitimate communications from Upwork. Here's how you can verify emails from us:

  1. Look for the verified check mark: If you are using Gmail or G-Suite you will see a blue checkmark next to the sender's name. This checkmark confirms that the domain and sender are valid. When you hover over the checkmark the following message will appear.


  1. Check the sender's address: Our official emails will come from a domain associated with our company @upwork.com or @[subdomain].upwork.com. Always double-check the sender's email address and be cautious of slight variations in domain names or misspellings. Below are some of our most common sender email addresses:
  • upwork@email.upwork.com

  • accountsecurity@upwork.com

  • donotreply@upwork.com

  • DoNotReply@feedback.upwork.com

  • donotreply@community.upwork.com

  • noreply@qemailserver.com

If you get email notifications about new Upwork Messages, the sender email address will include a unique room code. For example, a legitimate email that displays your Upwork Message could look like this:

  • room_49983972355135147734666340071781@upwork.com.

To verify legitimacy, log into Upwork and interact with your messages here.

We may occasionally send survey emails, which help us improve. Legitimate Upwork surveys can come from other domain names not associated with Upwork. For example, a legitimate survey email could be from:

  • noreply@qualtrics-research.com

Always reach out to support if you’re not sure if an email is legitimate.

These are just a few common examples, but not a full list of legitimate senders. If you aren’t sure if the sender is legitimate, do not interact with the email, and contact support to verify whether it’s a scam/phishing attack.

  1. Look for official branding: Legitimate emails will typically feature consistent branding elements such as logos, colors, and formatting that align with our company's identity. Be wary of emails lacking our branding or full of typos.
  2. Avoid suspicious attachments or links: We'll never send unsolicited attachments. If you receive an email containing unexpected attachments, don’t engage with any links and verify the email's legitimacy through other means. If you are communicating about a support ticket issue you’ve filed, you’ll be able to verify the legitimacy of the support ticket here.
  3. Reach out for confirmation: If you're uncertain about the authenticity of an email, don't hesitate to contact our official support channels. It's better to be safe than sorry when it comes to email security.

Allow-listing domains to ensure uninterrupted email flow

Allow-listing domains in email providers or email protection services is a proactive step to ensure uninterrupted access to our platform while maintaining stringent security measures. There are different ways to allowlist domains depending on your email provider. Research the best way to allow-list Upwork depending on your service to make sure you have continuous access to our platform and notifications.

Stay informed

The digital landscape evolves rapidly, and staying informed about the latest cybersecurity trends and best practices is essential. Regularly check our official communication channels (like the Community) for updates on security measures, and educate your team members about the importance of email verification and domain allow-listing. By following these guidelines, you'll be better equipped to distinguish genuine communications from potential threats.

Learn more about staying safe on Upwork.

Was this article helpful?

36 out of 58 found this helpful