Learn how to use Wix to build your site and business.

Design and manage your site using intuitive Wix features.

Manage subscriptions, plans and invoices.

Run your business and connect with members.

Learn to purchase, connect or transfer a domain to your site.

Get tools to grow your business and web presence.

Boost your visibility with SEO and marketing tools.

Get advanced features to help you work more efficiently.

Find solutions, learn about known issues or contact us.

Improve your skills with our courses and tutorials.

Get tips for web design, marketing and more.

Learn to increase organic site traffic from search engines.

Build a custom site using our full-stack platform.

Get matched with a specialist to help you reach your goals.

In this article

Suspicious emails
Handling a suspicious email
Email protection
Suspicious websites
Suspicious form submissions
Suspicious emails from “Wix Partners”
FAQs

Identifying and Reporting Phishing

7 min

In this article

Suspicious emails
Handling a suspicious email
Email protection
Suspicious websites
Suspicious form submissions
Suspicious emails from “Wix Partners”
FAQs

Phishing is a fraudulent technique used to impersonate legitimate trusted sources in order to collect sensitive data such as passwords, account details and credit card numbers.

Because Wix is a trustworthy and well-known service, attackers may attempt to impersonate Wix with fake emails and websites in order to target and deceive.

The information in this article can help you identify suspicious messages pretending to come from Wix, or other legitimate sources.

Suspicious emails

Phishing emails are sent by scammers attempting to impersonate an organization you trust. To help identify a phishing attempt, check for the following:

Check the sender
- Check the sender’s full email address carefully for misspellings, extra characters, or unusual mail domains that try to mimic Wix sender address formats (for example, noreply@vvix.com or wix-support-team@gmail.com).
Review the content of the email:
- Be cautious of emails which ask for your personal information, or ask you to download or view files from an unfamiliar source.
- Look out for grammar or spelling errors, overly urgent language, pressure to act immediately, or vague / incorrect information.
- Hover over any links in the email (without clicking) to see the actual destination URL.
  Tip: Links in official Wix emails will direct to Wix-owned sites and services.
Verify the information in your own Wix account:
- Sign into your Wix account directly (not through the email) and confirm if the message in the email matches what you see in your account. For example:
  - For anything related to plans, domains, or billing, check the Premium Subscriptions, Domains, and Billing History pages in your Wix account.
  - For account or site changes – review your Account Settings or Site Settings.

Wix may contact you from several official email addresses, depending on the product or service. These include:

@wix.com
@wixanswers.com (Wix Customer Care communications)
Specific service addresses such as:
- @wixsiteverifications.com
- @wixinvoices.com
- @wix-domains.com

We may also use additional email addresses for certain features, notifications, or billing communications.

Handling a suspicious email

If you received a suspicious email that appears to have been sent from Wix - or a company claiming to be associated with Wix - don’t click links, download attachments, or reply to the message. This could be a possible attempt to impersonate Wix for the purpose of gathering information.

Instead, forward the email directly to reportphishing@wix.com and include the full technical email headers. This will help us to investigate where the email came from, and to stop it from spreading to other users.

Click the relevant tab below for instructions on how to obtain email headers for your email provider.

Google

Microsoft

Yahoo

Apple

On your computer, open Gmail.
Open the email that you want to analyze.
Next to the Reply icon , click the More icon and select Show original.
Click Copy to clipboard.
Open Google Admin Toolbox Messageheader.
In the box, paste your header.
Click Analyze the header above.

Using a different email provider?

You can find out how to view your full message details by typing "get full email (provider name)" into your search engine, and selecting the help page for your email service provider.

Email protection

Wix employs a number of mail validation tools in order to protect our users including:

SPF
An SPF (Sender Policy Framework) record identifies which mail servers are permitted to send email on behalf of your domain. This record prevents spammers from sending messages with forged sender email addresses to your domain.

DKIM
DKIM (Domain Keys Identified Mail) is an email authentication method designed to detect email spoofing. DKIM allows the receiver to verify that the email received was indeed authorized by the owner of that domain.

DMARC
DMARC (Domain-based Message Authentication Reporting and Conformance) is an email validation system, designed to detect and prevent email spoofing. It helps to protect against forged sender email addresses that post as a legitimate organization.

Did you know?

A number of 3rd party fraud and phishing protection tools are available from the Wix App Market including Guardz and Blocky.

Suspicious websites

Phishing sites will often use a very similar domain name which visitors can easily overlook. For example, your domain name might be mywixsite.com, but the phishing site might have the domain name mywiixsite.com. These domain names look similar, but are spelled slightly differently in order to trick you.

The best way to recognize a phishing site is to check the domain name in the address line and compare it to the original site's domain name to verify its legitimacy.

If you think that you have been the target of a phishing attack from a site built with Wix, let us know immediately by filling out this form. The suspicious site will be removed.

Suspicious form submissions

Wix will never contact you about account, billing, domains, or any other issues through your site's contact forms, or site inbox.

While the email notification you would receive may come from an email address ending in @crm.wix.com or @wixforms.com, the content within this notification comes from what a site visitor has entered into your website’s contact form

If you’ve received a suspicious form submission, you can report the message as spam directly from your Wix Inbox.

Did you know?

To help prevent most automated spam, you can enable a reCaptcha field on any of the forms on your site.

Suspicious emails from “Wix Partners”

Wix Marketplace Partners are vetted professionals you can find in the Wix Marketplace. Because these Partners are visible and searchable, malicious actors sometimes impersonate them, or claim they’re “from Wix”, to gain access to sensitive information.

If you’ve received an unexpected message claiming to be from a Wix Partner, ask yourself:

Did you find them?, or did they find you?
Are they pressuring you to act urgently?
Do you understand exactly what work they’re proposing?, or is it vague?
Did you recently submit a project request for the work they are proposing?
Are they transparent about scope, pricing, and expected results?

Once you’ve considered the questions above, use the following checks to help confirm the Marketplace Partner’s identity before engaging further.

Verifying a Wix Marketplace Partner

To help you verify a Marketplace partner:

Check the sender’s email address carefully: Look for misspellings or extra characters in the domain. Scammers often use domain name lookalikes to appear convincing.
Find them yourself: Don’t click their links. From your account dashboard, go to My Projects and verify the contact details under Professional Details. Real Partners most often use the same contact details reflected on their own profile or website.
Validate their company presence: Cross-check the company's website and social links from the Wix Marketplace profile, not from the message you received.
Use Collaborator access only: You never need to share your Wix password or 2-step verification code. Instead, you can invite people to collaborate on your site with Roles & Permissions. This allows you to control who can make changes on your site and dashboard.

Tip:

Not all professionals or Partners who use Wix are in the Wix Marketplace. Anyone can apply to become a Partner. Apply the same safety checks above, and only grant access via collaborator roles, and not by sharing your login details.

FAQs

Click a question below to learn more about Wix security.

What should I do if I accidentally click on a phishing link?

How can I secure my Wix site from spam and phishing attempts?

Can I block specific site members from my Wix site?

What should I do if I suspect a fake Wix Partner?

Did this help?

Hire a ProfessionalGet matched with a Wix Partner who can help you reach your site goals.

Start Now

Helpmate

Hello

Need a bit more guidance?

Summary of this article

Site Reported for Phishing

Site Reported For Malware

Virus Protection on Wix

Unlock personalized helpLog in to get the most out of Helpmate.