Identifying and Reporting a Phishing Site

2 min read
A phishing site is a malicious website which impersonates a legitimate one in order to trick visitors into giving up sensitive information such as passwords, account details or credit card information.
The best way to recognize a phishing site is to check the domain name in the address line and compare it to the original site's domain name to verify its legitimacy. Phishing sites will often use a very similar domain name which visitors can easily overlook. For example, your domain name might be, but the phishing site might have the domain name These domain names look similar, but are spelled slightly differently in order to trick you.
Because Wix is a trustworthy and well-known service, attackers may attempt to impersonate Wix with fake emails and websites in order to target and deceive. 
Legitimate Wix emails always end with

To help identify a phishing attempt, check for the following:

  • Emails send from addresses that might appear official, such as or
  • Emails that request your personal information. 
  • Emails with links to download or view files from an unfamiliar source. 
  • Emails directing you to an unofficial website. 
  • Emails that contain grammar or spelling errors. 
  • Emails that unnecessarily reference the full names of individuals from the organization they are attempting to imitate.  
If you think that you have been the target of a phishing attack, let us know immediately by filling out this form. The suspicious site will be removed.

Wix employs a number of mail validation tools in order to protect our users including:

An SPF (Sender Policy Framework) record identifies which mail servers are permitted to send email on behalf of your domain. This record prevents spammers from sending messages with forged sender email addresses to your domain.
DKIM (Domain Keys Identified Mail) is an email authentication method designed to detect email spoofing. DKIM allows the receiver to verify that the email received was indeed authorized by the owner of that domain. 
DMARC (Domain-based Message Authentication Reporting and Conformance) is an email validation system, designed to detect and prevent email spoofing. It helps to protect against forged sender email addresses that post as legitimate organization.