Webflow Phishing Scam: A heads up for Webflow agencies/freelancers 🫤

Just a heads up for other Webflow agencies/freelancers

We’ve recently been made aware that a client has received a targeted scam email impersonating our agency (me specifically) regarding their Webflow website (and domains).

It seems to be a more advanced phishing scam aimed at obtaining sensitive information, such as domain/website login details and/or payment information, which conveys a sense of urgency, e.g., “do this action before this date to avoid this penalty”.

It was sent from fake Gmail addresses, e.g., “agency.webflowpartner [AT] gmail [DOT] com,” and included details such as the site being built in Webflow (to make it sound more genuine).

I imagine they’re targeting clients from our Webflow public profile.

Unfortunately, amid the wave of AI automation, these types of scams seem to be becoming increasingly prevalent.

For reference, here’s the email:

Screenshot 2026-01-23 at 13.58.45792×696 94.6 KB

To be proactive, we’ve emailed our client base to inform them.

Hope this helps others

Hi there,

This is a classic example of a phishing scam targeting Webflow users. Here are the key warning signs to watch for:

• Urgent or threatening language
• Requests for sensitive information
• Suspicious email addresses attempting to look legitimate

Webflow will never email you requesting payment details, account passwords, or other confidential information. If you receive suspicious emails claiming to be from Webflow or our partners:

• Do not click any links
• Do not download attachments
• Do not respond to the email
• Forward suspicious emails to our Report Spam or Abuse Form

Hopefully this helps! If you still need assistance, please reply here so somebody from the community can help.