Has anyone else using Webflow had clients report receiving emails claiming their website has been hacked and requesting ransom in bitcoin? We've had two clients report this issue in one morning. Any advice or insight would be greatly appreciated.

TL;DR
  • Verify there's no actual breach by checking Webflow settings, custom code, CMS content, and scanning the site using Google Safe Browsing and Have I Been Pwned.  
  • Ensure DNS records are correct, WHOIS info is private, email addresses are protected, SPF/DKIM/DMARC records are set, and reassure clients the phishing email is a common scam with no real compromise.

Yes, several Webflow users have reported similar scareware or phishing emails—these are common spam tactics, and they're not typically linked to an actual website breach. Here’s what’s going on and how to respond.

1. Understand the Type of Attack

  • This is commonly known as a sextortion scam or phishing email, often claiming the site has been “hacked” or that data has been stolen.
  • The email usually includes a Bitcoin wallet, a warning not to “alert authorities,” and vague threats.
  • These emails are typically automated and sent in bulk to publicly listed domain registrant emails or emails found on the site itself.

2. Confirm There's No Real Breach

  • Check your Webflow project settings for unauthorized changes, particularly in CMS content, custom code (in the Pages or Project settings → Custom Code tabs), and redirects.
  • Run the website through a Google Safe Browsing check (https://transparencyreport.google.com/safe-browsing/search).
  • Use tools like Have I Been Pwned (https://haveibeenpwned.com/) to check if any associated admin email addresses were found in past breaches.

3. Check Your DNS & Domain

  • Log into your domain provider and confirm there’s no unauthorized activity.
  • Ensure DNS records (especially A records and CNAME) still point to Webflow: (a) 75.2.70.75, (b) 99.83.190.102.
  • Make sure domain contact information is private or anonymized—public WHOIS data can be harvested by bots.

4. Improve Email Security

  • If your clients' email addresses are listed on the site, make sure they are protected using form submissions rather than mailto: links.
  • Suggest they implement SPF, DKIM, and DMARC records on their mail server to reduce spam/fraud.
  • Recommend using a premium email provider with built-in phishing detection (e.g., Google Workspace, Microsoft 365).

5. Communicate With Clients

  • Reassure them this is a common scam not tied to any verified breach unless you find otherwise.
  • Recommend not responding and not sending money.
  • Direct them to mark the message as spam and possibly report it to authorities using resources like https://www.ic3.gov (if in the U.S.).

Summary

Your clients are likely the target of a widespread phishing campaign, not a real Webflow breach. Review their site settings, confirm DNS integrity, secure any public-facing emails, and reassure them they can ignore the scam messages.

Webflow Resources
Webflow templates
Webflow inspiration
Rate this answer

Other Webflow Questions

Explore Logic tutorials
How can I create animations that trigger when scrolling to different sections on my website built with Webflow and using CSS Scroll Snap, even when the "scroll into view" interaction doesn't work correctly?
Will Webflow Ecommerce allow the addition of form fields and customization of checkbox default status in the checkout form, or is this a permanent limitation?
How can I bypass Webflow's limitation for nested collection lists in static single pages and use unlimited nested collections with more than 5 items using a lightweight jQuery with no performance issues?
How can I fix the "Add expires headers" issue in GTMetrix for my Webflow site?
How can I fix the issue with interactive map embeds not scaling on tablet and mobile devices on my Webflow website?
How can I make a dropdown open automatically when the page loads in Webflow?
What is the simplest method to store user inputs, perform calculations, and generate a personalized quote for a residential solar company on a Webflow site? I've heard about using custom JS, but I'm not sure where to host such functions and data. I've also read about using Google Sheets and Zapier. Any suggestions?
How can I install ReCaptcha v3 in Webflow to prevent spam through the contact form? The spam is coming from a sender named "Joe Miller" and it has been causing a nuisance. Thank you for any tips or advice.
Is it possible to embed PHP and HTML code in a Webflow page to create a login form and validate user existence in a database?
What is the recommended approach for integrating a store pickup solution with Webflow for a restaurant business, if I previously used Zapiet on Shopify?
How can I create a slider effect on Webflow?
How can I autoplay a muted video on loop in Webflow, with responsive behavior on all screen sizes including mobile, and hiding the player controls?
How can I easily change the default styling of my website in Webflow without having to update each individual item? Is it possible to change the default font through CSS or with custom code in the head?
How can Webflow be configured to improve mail-client-friendliness and avoid emails being marked as spam when testing form emails?
Is it necessary to prioritize responsiveness below 320px width in Webflow, or is it an insignificant number of users who still read on these screens? What is the common wisdom regarding this matter?
Can I capture a screenshot of a Webflow page on click and convert it to a downloadable PDF?
How can I alternate the layout of the image and heading for each collection item in a two-column format on Webflow?
How can I execute JavaScript code when clicking a specific button with a given ID in a Webflow project?
How can I disable the Webflow success or failure state for a sign-up form and display a custom thank you page using jQuery and the Webflow form submit state?
How can I create a vertical scrolling menu with Webflow, similar to the one on Apple's website, that switches to horizontal scrolling when the menu doesn't fit on one screen?
How can I change the language of the Google Maps embed from English to Arabic in Webflow?
How can I reduce the vertical space between lines within a bullet point in Webflow? Can I replace the bullet points with icons on the "Services" page?
How can the text color be changed for custom input fields on Webflow?
How can I add conditional visibility in Webflow to prevent a div from appearing on a published page if a CMS field is empty?
How can I stop a YouTube video from playing in the background in audio mode when I close a modal in Webflow?
How can I connect and use my JavaScript and CSS files for special functions and styles in Webflow?
How can I fix the "Ensure text remains visible during webfont load" warning in Webflow?
How can I implement a ThreeJS script as a background for my Webflow project using custom code?
How can I send data from a Webflow Form to ActiveCampaign without using Zapier? I have set the form to POST and input the form's action URL, similar to Mailchimp but it redirects me to the admin area of ActiveCampaign without sending the data. Has anyone had success with this method?
Can Webflow be used to create a "blob" elements effect in the header of a website using custom code or JavaScript?