Fake Webflow / Framer professional website builder subscription payment failed, sites and CMS suspended, or custom domains offline phishing — fraudulent email impersonating Webflow or Framer claiming the subscription payment has failed, websites and CMS collections are suspended, or published sites and custom domains are no longer active — Webflow: 3.5M+ users, 300K+ paying ($14-212+/month Basic/CMS/Business/Enterprise); Framer: 1M+ users, rapidly growing ($15-45/month Mini/Basic/Pro); distinct from Wix/Squarespace consumer builder phishing; Webflow suspension takes all client-built sites and CMS-driven pages offline; agency plans affect multiple client websites simultaneously

Phishing emails impersonating Webflow or Framer claiming the professional website builder subscription payment has failed, websites and CMS collections are suspended, or published sites and custom domains are no longer active — directing them to update billing or restore website access through a credential-harvesting portal. Distinct from Wix/Squarespace consumer website builder phishing — targets design professionals and agencies. Key facts: (1) Webflow's visual CMS and hosting combination creates dual suspension urgency: Webflow serves 3.5M+ users with 300,000+ paying customers ($14-212+/month Basic/CMS/Business/Enterprise) — when a Webflow subscription lapses, both the website builder/CMS (the design tool) and the hosted website go offline simultaneously; editors who log in to update content see 'subscription inactive' errors, and visitors to the published site see a Webflow suspension page instead of the website; (2) Webflow CMS-driven sites lose live content updates simultaneously: Webflow CMS powers blog posts, product listings, team member pages, and portfolio entries that editors update regularly — a CMS suspension means no new content can be published and dynamic collection pages may return errors; for businesses using Webflow as their marketing website with regular blog publishing, a CMS suspension creates both editorial and public-facing failure; (3) Framer's rapid growth creates a novel phishing lure: Framer grew from a prototyping tool to a full website builder serving 1M+ users ($15-45/month Mini/Basic/Pro) with AI-powered website generation and custom domains — 'your Framer website and custom domain are suspended' is a relatively new phishing vector that Framer's rapidly growing user base has not been conditioned to verify skeptically; many Framer users are individual designers who manage billing themselves with personal cards; (4) Webflow for Agencies creates multi-client leverage: Webflow Agency/Enterprise plans give agencies a Workspace to manage multiple client websites under a single billing account — a suspended Webflow Workspace takes every client site in that workspace offline simultaneously, creating immediate client communication obligations across all accounts; (5) Webflow and Framer account credentials give attackers the ability to modify website content (injecting malicious scripts), access CMS content and form submission data, redirect custom domains to attacker-controlled pages, and access any connected e-commerce store data. Warning signs: sender not webflow.com or framer.com; genuine Webflow billing at webflow.com/dashboard; Webflow never requests payment via external email.