Webflow sync, pageviews & more.
NEW

Has anyone else using Webflow had clients report receiving emails claiming their website has been hacked and requesting ransom in bitcoin? We've had two clients report this issue in one morning. Any advice or insight would be greatly appreciated.

TL;DR
  • Inform clients that the extortion emails are common scams with no evidence of a breach and advise them not to engage with or pay scammers.
  • Recommend updating CMS passwords, enabling 2FA, reviewing form submissions for spam, using domain privacy, and reporting scam emails.
  • Reassure clients that Webflow’s infrastructure is secure and monitor official channels for any true incidents.
  • Support clients with template responses and suggest implementing DMARC, SPF, and DKIM email authentication.

It sounds like you’re dealing with email-based extortion scams targeting clients whose websites are built on Webflow. These scams are widespread and usually not the result of an actual hack.

1. Nature of the Threat

  • Extortion emails typically claim the website was hacked and demand Bitcoin payments.
  • In most cases, no breach has occurred — it’s an attempt to scare clients into paying without verifying the claim.
  • The scammers often get email addresses from public WHOIS records, contact forms, or website scraping.

2. Immediate Actions to Reassure Clients

  • Inform clients that these emails are highly common and usually fake.
  • Advise them not to respond or pay any ransom.
  • Assure them that Webflow’s infrastructure is secure, and your team has seen no evidence of unauthorized access.

3. Recommend Best Practices

  • Update website CMS passwords to strong, unique ones for extra precaution.
  • Ensure two-factor authentication (2FA) is enabled on Webflow project accounts and CMS logins.
  • Check form submissions in Webflow under Project Settings > Forms for any spam behavior.
  • Advise clients to use domain privacy protection if their WHOIS records are public.
  • Direct clients to report scam emails to the appropriate authorities (e.g., FTC, local cybercrime divisions).

4. Webflow’s Security Perspective

  • Webflow-hosted sites run on AWS (Amazon Web Services) with enterprise-grade security.
  • If a Webflow website actually had security issues, Webflow would notify the customer directly.
  • Always stay updated via status.webflow.com for any platform-wide incidents (none are currently reported related to this).

5. How to Support and Educate Clients

  • Provide them with a template message they can use to respond (or to inform colleagues) about the scam.
  • Suggest using DMARC, SPF, and DKIM email authentication records if they manage their own email domains.

Summary

The emails your clients received are typical Bitcoin ransom/extortion scams and not the result of a breach of their Webflow sites. It's important to reassure clients, recommend basic security hygiene, and encourage them not to engage with or pay scammers. Always monitor Webflow's official communications for any real security updates.

Webflow Resources
Webflow templates
Webflow inspiration
Rate this answer

Other Webflow Questions

Explore Logic tutorials
Is it possible to preserve the aspect ratio when scaling a Lottie image sequence in canvas mode in Webflow, similar to how it is achieved in SVG?
How do I track button clicks on my website using Google Analytics and Webflow?
How can I use basic math to calculate and display the total time for a recipe page in Webflow CMS?
How can I achieve a fixed navigation menu at the top of my website using Webflow?
How can I put text within a text block in Webflow without accidentally clicking on background elements like sections or divs?
How does changing from WordPress to Webflow affect the link structure and SEO of my website, including already shared links on social media?
Hi Webflow Community, has anyone successfully used a custom code workaround to make a CMS field automatically populate a paragraph or text form field? I recall a tip from 2016 advising to add a "hand-coded" form in the dynamic embed code and populate the input tags with dynamic data. If anyone has experience with this or could provide a custom code snippet, I would greatly appreciate it. Thank you!
How can you achieve a responsive background image in Webflow without sacrificing loading speed for mobile users?
How can I unlink and relink CMS elements in Webflow, specifically the current CMS category, and bind it to a new one?
Why are the thumbnail images not displaying on certain projects in the exported version of my Webflow portfolio site, specifically on mobile, when they appear fine in the Webflow preview?
Where can I give my client designer rights in Webflow to allow them to implement smaller changes without needing to involve me?
How can I create a membership portal within Webflow using Authpro integration?
What are the limitations on the number of fields in a collection in Webflow's CMS after purchasing the CMS or BUSINESS site plan?
Why does Webflow publish two instances of the same article despite there being only one in the website code?
What are the two types of Parallax implementation on my Webflow Codes and Tutorials site?
Can Webflow be used to call a CSS or JS file stored on a different server, instead of hosting them on GitHub?
How can I use the Finsweet script to manage two different sliders on my Webflow page, each feeding content from different collections?
How can I prevent a full-screen slider in Webflow from pausing on hover? Additionally, I would like to link two sliders to one control or navigation. Can anyone with JavaScript knowledge help me achieve this?
How can I change the language of publication dates in Webflow CMS collection from English to Portuguese?
How can I dynamically redirect to a CMS created after form submission in Webflow?
How can I disable right-clicking on images to prevent downloading on my Webflow portfolio website?
In Webflow, how can I hide specific elements in the footer (such as "Ramin Khaze The Difference" and "Schedule showing") when the URL contains a certain parameter, such as "?mls"? I am a beginner in coding and would appreciate any help. Thank you!
How can I prevent the "w-current" class in Webflow from overriding the height of my custom class on a link block element?
Can anyone help me add a digital clock and date to my Webflow site? I've been able to add custom code, but I need assistance with styling the text. Thank you in advance for your help!
Can I capture a screenshot of a Webflow page on click and convert it to a downloadable PDF?
How can I pull the stored email from the first form submitted on our website and input it into a field on a later form during the sign-up process in Webflow? I have tried using the provided script but it only displays "undefined" in the field. I don't have much knowledge of JavaScript and found this script online.
How do I mirror user input from a form field to a non-form text field on the same Webflow page in real-time using JavaScript?
When will Webflow update the "Select Field" component to allow for a placeholder with different colors before and after selection, without the need for a label above the field?
Is there a way to auto-scroll the page in Webflow after a certain amount of time, without the script automatically scrolling back up if the user has already scrolled past the designated point?
How can I close a dropdown in Webflow when clicking on a link?