Identifying and Reporting Phishing
4 min read
Phishing is a fraudulent technique used to impersonate legitimate trusted sources in order to collect sensitive data such as passwords, account details and credit card numbers.
Because Wix is a trustworthy and well-known service, attackers may attempt to impersonate Wix with fake emails and websites in order to target and deceive.
The information in this article can help you identify suspicious messages pretending to come from Wix, or other legitimate sources.
Suspicious emails
Phishing emails are sent by scammers attempting to impersonate an organization you trust. To help identify a phishing attempt, check for the following:
- Emails send from addresses that might appear official, but are slightly misspelt, such as vvix.com or wIx.com
- Emails that request your personal information
- Emails with links to download or view files from an unfamiliar source
- Emails directing you to an unofficial website
- Emails that contain grammar or spelling errors
- Emails that unnecessarily reference the full names of individuals from the organization they are attempting to imitate
Legitimate Wix emails are always sent from wix.com
If you received a suspicious email that appears to have been sent from Wix - or a company claiming to be associated with Wix - don’t click links, download attachments, or reply to the message. This could be a possible attempt to impersonate Wix for the purpose of gathering information.
Instead, forward the email directly to reportphishing@wix.com and include the full technical email headers. This will help us to investigate where the email came from, and to stop it from spreading to other users.
Click the relevant tab below for instructions on how to obtain email headers for your email provider.
Google
Microsoft
Yahoo
Apple
- On your computer, open Gmail.
- Open the email that you want to analyze.
- Next to the Reply icon , click the More icon and select Show original.
- Click Copy to clipboard.
- Open Google Admin Toolbox Messageheader.
- In the box, paste your header.
- Click Analyze the header above.
If you are using a different email provider, you can find out how to view your full message details by typing "get full email (provider name)" into your search engine, and selecting the help page for your email service provider.
Email protection
Wix employs a number of mail validation tools in order to protect our users including:
SPF
An SPF (Sender Policy Framework) record identifies which mail servers are permitted to send email on behalf of your domain. This record prevents spammers from sending messages with forged sender email addresses to your domain.
An SPF (Sender Policy Framework) record identifies which mail servers are permitted to send email on behalf of your domain. This record prevents spammers from sending messages with forged sender email addresses to your domain.
DKIM
DKIM (Domain Keys Identified Mail) is an email authentication method designed to detect email spoofing. DKIM allows the receiver to verify that the email received was indeed authorized by the owner of that domain.
DKIM (Domain Keys Identified Mail) is an email authentication method designed to detect email spoofing. DKIM allows the receiver to verify that the email received was indeed authorized by the owner of that domain.
DMARC
DMARC (Domain-based Message Authentication Reporting and Conformance) is an email validation system, designed to detect and prevent email spoofing. It helps to protect against forged sender email addresses that post as legitimate organization.
DMARC (Domain-based Message Authentication Reporting and Conformance) is an email validation system, designed to detect and prevent email spoofing. It helps to protect against forged sender email addresses that post as legitimate organization.
Suspicious websites
Phishing sites will often use a very similar domain name which visitors can easily overlook. For example, your domain name might be mywixsite.com, but the phishing site might have the domain name mywiixsite.com. These domain names look similar, but are spelled slightly differently in order to trick you.
The best way to recognize a phishing site is to check the domain name in the address line and compare it to the original site's domain name to verify its legitimacy.
If you think that you have been the target of a phishing attack from a site built with Wix, let us know immediately by filling out this form. The suspicious site will be removed.
Suspicious form submissions
Wix will never contact you about account, billing, domains, or any other issues through your site's contact forms, or site inbox.
While the email notification you would receive may come from an email address ending in @crm.wix.com, the content within this notification comes from what a site visitor has entered into your website’s contact form.
If you’ve received a suspicious form submission, you can report the message as spam directly from your Wix Inbox.
To help prevent most automated spam, you can enable a reCaptcha field on any of the forms on your site.
Did this help?
|