Webflow sync, pageviews & more.
NEW

Has anyone else using Webflow had clients report receiving emails claiming their website has been hacked and requesting ransom in bitcoin? We've had two clients report this issue in one morning. Any advice or insight would be greatly appreciated.

TL;DR
  • These scam emails are common phishing hoaxes, not real breaches, often sent via scraped contact forms or WHOIS data.
  • Confirm Webflow site security, enable form protections like reCAPTCHA, and educate clients to ignore, not respond, and never pay.

Yes, clients receiving scam emails claiming their Webflow site has been hacked is not uncommon. These are typically phishing or extortion hoaxes and not an actual security breach of their site or Webflow itself.

1. Understand What This Type of Email Is

  • These are often email extortion scams, commonly known as sextortion or website-hacking ransom scams.
  • The message usually claims the website was “hacked” and threatens to leak data or take down the site unless paid in Bitcoin or cryptocurrency.
  • These emails are mass-distributed using scraped contact forms or public WHOIS data, not based on a true breach.

2. Confirm Webflow Site Security

  • Webflow-hosted sites are secure by design, using global CDN, SSL by default, and are not easily exploitable via front-end interactions.
  • Check if your client’s site has:
  • Custom forms that forward user data—verify nothing sensitive is stored or shown.
  • Any CMS Editor access—ensure strong passwords and unique emails are used.

3. Check for Contact Forms Vulnerability

  • If the scam emails are received via form submissions on the site, ensure:
  • Webflow’s spam filtering is enabled (reCAPTCHA or form rules).
  • ReCAPTCHA v2 can be activated under Project Settings > Forms.
  • Use form spam honeypots or require email confirmation to deter bots.

4. Educate the Client on This Type of Scam

  • Make it clear this is a common automated scam, not a sign of a real breach.
  • Advise:
  • Do not engage or reply to the message.
  • Do not pay any ransom. These attacks often rely on fear, not action.
  • If they’re concerned, they may forward the message to their IT or security provider.

5. Scan for Actual Breaches (if concerned)

  • While these emails are nearly always fake, if a client insists:
  • Review change history in Webflow CMS or Designer.
  • Reset Webflow passwords for any logged-in contributors.
  • Check Google Search Console to ensure no site warnings or injections.

Summary

Your clients are likely receiving common email extortion scams that falsely claim their Webflow site is hacked. These emails are hoaxes and not linked to a real breach. Confirm Webflow form security, turn on reCAPTCHA, and reassure your clients there’s no need to pay or respond.

Webflow Resources
Webflow templates
Webflow inspiration
Rate this answer

Other Webflow Questions

Explore Logic tutorials
How can I get the header and footer from other pages to appear on a new page in Webflow, and ensure that the same header and footer appear on any new pages I create?
Why is the [position:sticky] not working in Webflow?
What are the beginner-friendly ways in Webflow to add custom animation features using JavaScript? Thank you!
How can I optimize the responsiveness of columns on mobile in Webflow and achieve the desired positioning of 4 services per row?
Is it possible to implement lazy load images in Webflow CMS and has anyone successfully implemented code for this?
How do I use conditional visibility for dynamic site elements in Webflow?
How can I create a Webflow Buy Now button that bypasses the cart and takes the user directly to the checkout for a better UX for merchants with small inventories or binary product choices?
How can I link from a button on page 1 to a specific tab on page 2 in Webflow, which is located inside a section and needs to scroll down the page?
What are the steps to connect Mailchimp signup forms to a website on Webflow?
What could be causing the issue with the slider button on my Webflow website, where it is not clickable when the slider or the button itself is hovered?
How can I create a thumbnail image slider in Webflow without the lightbox feature?
How can I disable a submit button until all required fields are filled in on a form in Webflow?
How can I set up a Webflow popup form to only appear on a visitor's first visit to my home page and not on subsequent visits?
Can I change the login form from an email ID tag to a Username ID tag in Webflow? What is the Username ID for this feature?
How do I remove a pre-set "Area" in Webflow's grid system?
Can Webflow be used to call a CSS or JS file stored on a different server, instead of hosting them on GitHub?
How can I dynamically redirect to a CMS created after form submission in Webflow?
In Webflow, how can I hide specific elements in the footer (such as "Ramin Khaze The Difference" and "Schedule showing") when the URL contains a certain parameter, such as "?mls"? I am a beginner in coding and would appreciate any help. Thank you!
Can I capture a screenshot of a Webflow page on click and convert it to a downloadable PDF?
How can I alternate the layout of the image and heading for each collection item in a two-column format on Webflow?
How can I execute JavaScript code when clicking a specific button with a given ID in a Webflow project?
How can I disable the Webflow success or failure state for a sign-up form and display a custom thank you page using jQuery and the Webflow form submit state?
How can I create a vertical scrolling menu with Webflow, similar to the one on Apple's website, that switches to horizontal scrolling when the menu doesn't fit on one screen?
How can I change the language of the Google Maps embed from English to Arabic in Webflow?
How can I reduce the vertical space between lines within a bullet point in Webflow? Can I replace the bullet points with icons on the "Services" page?
How can the text color be changed for custom input fields on Webflow?
How can I add conditional visibility in Webflow to prevent a div from appearing on a published page if a CMS field is empty?
How can I stop a YouTube video from playing in the background in audio mode when I close a modal in Webflow?
How can I connect and use my JavaScript and CSS files for special functions and styles in Webflow?
How can I fix the "Ensure text remains visible during webfont load" warning in Webflow?