[SECURITY WARNING] Sophisticated Webflow-themed phishing targeting active clients

Hey everyone,

We’ve recently picked up a very convincing phishing scam that’s targeting active Webflow clients and pretending to be coming from their Webflow Partner.

I wanted to post this here so agencies, freelancers, and site owners can be on high alert, because a few of our own clients have already engaged in back-and-forth conversations with the scammer (including cost negotiations) before looping us in.

What’s happening

Our clients have been contacted directly via email with a message that:

  • Claims to be from their Webflow Partner

  • References an “urgent update” from the Webflow team after an “internal platform compliance review”

  • States that their specific website is at risk of being flagged as non‑compliant

  • Threatens possible temporary unpublishing, restricted publishing access, or unplanned downtime if they don’t act before a specific deadline

  • Pushes the client to “reply as soon as possible” so the sender can “handle everything on their end”

The language is very polished and uses a lot of terminology that sounds legit to non-technical clients: “platform compliance review”, “CMS and structural integrity checks”, “legacy configuration updates”, “performance and publishing compliance checks”, etc.

Here’s a (redacted) example of the email content our clients received:

Hello [Client Name],
I hope you’re doing well.

I’m reaching out personally following an urgent update I received from the Webflow team yesterday, after their latest internal platform compliance review and partner-level discussions. This review directly affects your website.

As part of these ongoing reviews, Webflow actively audits sites across the platform and notifies the assigned Webflow Partner when technical or administrative action is required to ensure continued compliance, security, and uninterrupted service.

Following this review, Webflow has confirmed that your website requires immediate partner-level updates to remain fully aligned with their latest platform standards.

The areas identified for review and action include:
– Platform and legacy configuration updates
– CMS and structural integrity checks
– Review of custom code and third-party integrations
– Domain, hosting, and connected extensions validation
– Performance and publishing compliance checks

Important: Webflow has set a firm deadline of [date] for these items to be addressed. If they remain unresolved beyond this date, the site may be flagged as non-compliant.

As your partner managing Webflow compliance and technical oversight, my recommendation is to move forward immediately. We can handle everything on our end and ensure this is resolved cleanly and well before the deadline.

Please reply as soon as possible so we can proceed without delay and remove any risk to the site.

From there, the conversation can be steered toward charging the client for “urgent compliance work” or getting access to their accounts and data.

What we’ve checked on our side

To rule out any issues on our end, we’ve:

  • Reviewed our HubSpot account

  • Checked our accounting / invoicing systems

  • Reviewed our Google Workspace environment and security settings

So far we have no indication that this is coming from a breach in our systems. It looks like a targeted phishing campaign aimed at Webflow customers who work via Partners/Agencies.

Why this is so dangerous

  • The email sounds exactly like something a busy client might expect from a “partner” managing their Webflow site.

  • It uses fear of downtime, non‑compliance, and Webflow enforcement to pressure quick action.

  • It encourages the client to respond directly to the scammer, cutting the real agency/partner out of the loop.

We’ve already seen client-side email threads where they started to discuss scope, pricing, and “urgent work” before checking with us.

Has anyone else seen similar emails or patterns recently?

In the meantime, please treat any “urgent compliance review” emails that don’t come from a clearly verified source as highly suspicious.
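Added here as a defender-side illustration, not part of anyone's post above: a small Python scorer that flags mail matching the lure pattern described in this thread, combining a "partner" claim from an unexpected sender domain with the compliance jargon, deadline pressure and reply-to-me hand-off the quoted email relies on. The phrase lists, weights, threshold, sample texts, sender addresses and partner domains are all constructed assumptions for the demo.

```python
from dataclasses import dataclass, field

# Indicator phrases taken from the lure quoted in the thread; weights are assumed.
JARGON = ["platform compliance review", "cms and structural integrity checks",
          "legacy configuration updates", "performance and publishing compliance checks",
          "partner-level updates"]
URGENCY = ["firm deadline", "immediate", "as soon as possible", "without delay", "urgent"]
THREATS = ["flagged as non-compliant", "unpublish", "restricted publishing", "downtime"]
HANDOFF = ["handle everything on our end", "reply as soon as possible", "please reply"]
CATEGORIES = (("jargon", JARGON, 1), ("urgency", URGENCY, 1),
              ("threat", THREATS, 2), ("handoff", HANDOFF, 2))

@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)

def score_email(body: str, sender: str, partner_domains: set) -> Verdict:
    """Score one message; higher means closer to the 'urgent compliance' lure."""
    text, v = body.lower(), Verdict()
    domain = sender.rsplit("@", 1)[-1].lower()
    # Core tell: the mail speaks as the client's partner but comes from elsewhere.
    if "partner" in text and domain not in partner_domains:
        v.score += 3
        v.reasons.append(f"claims partner role but sent from {domain}")
    for label, phrases, weight in CATEGORIES:
        hits = [p for p in phrases if p in text]
        if hits:
            v.score += weight * min(len(hits), 2)  # cap so one category can't dominate
            v.reasons.append(f"{label}: {', '.join(hits[:2])}")
    return v

def is_suspicious(body: str, sender: str, partner_domains: set, threshold: int = 6) -> bool:
    return score_email(body, sender, partner_domains).score >= threshold

# Constructed samples: a shortened version of the thread's lure, and a benign partner mail.
PARTNER_DOMAINS = {"agency.example"}
LURE_SENDER = "dave.webflowpartner@gmail.example"
LURE = """I'm reaching out personally following an urgent update I received from the Webflow team, after their latest internal platform compliance review. As your Webflow Partner, I can confirm your website requires immediate partner-level updates:
- Platform and legacy configuration updates
- CMS and structural integrity checks
- Performance and publishing compliance checks
Webflow has set a firm deadline of [date]; beyond it the site may be flagged as non-compliant. We can handle everything on our end. Please reply as soon as possible so we can proceed without delay."""
BENIGN_SENDER = "hello@agency.example"
BENIGN = "Hi Sam, quick reminder that our redesign kickoff call is Thursday at 10am. Let me know if that still works for you."

if __name__ == "__main__":
    for name, body, sender in (("lure", LURE, LURE_SENDER), ("benign", BENIGN, BENIGN_SENDER)):
        v = score_email(body, sender, PARTNER_DOMAINS)
        print(f"{name}: score={v.score} suspicious={v.score >= 6} reasons={v.reasons}")
```

A real deployment would add the sender-domain check against the agency's actual domains and run this on inbound mail at the client side, where the thread notes the conversations are being hijacked.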

A past client of mine has just informed me of this. It’s extremely worrying.

Snap 👇

@alexdixon pretty much exactly what every one of my clients seems to have got.

I definitely echo your sentiments, especially for non-technical clients.

Sadly, not sure much can be done aside from reporting the fake Gmail accounts to Google and getting ahead of it by informing clients.

Webflow Support also said they were aware of the issue a few weeks ago.