Watch out: Phishing email impersonating Wix claims your ‘payment method has been declined’

Posted by Akankasha Dewan on 16 April 2021 13:15:47 AEST

Popular website builder Wix is the subject of a phishing email scam intercepted by MailGuard.

Titled ‘Important Alert From Wix’, the malicious email uses a display name of ‘Support’. While the email body incorporates the company’s logo and branding, the domain used in the sender email address provided in the ‘From:’ field doesn’t belong to Wix – a red flag pointing to the email’s illegitimacy. The email body contains a header stating ‘Your Wix Payment Method Has Been Declined’. It informs recipients that their subscription payment has been declined for ‘the fourth time’ and directs them to update their payment information, or risk getting their account cancelled. A link is provided for users to update their payment details.

Here’s what the email looks like:



Unsuspecting recipients who click on the link are led to a login page employing the company’s logo and branding. It directs users to log into their Wix accounts in order to proceed, asking them for their username and password. However, the domain used in the URL of this page doesn’t belong to Wix. This is actually a phishing page on a compromised website, registered with and hosted with an American hosting service.

Here’s a screenshot of the page:

Wix 1-1

After users ‘log in’ into their Wix accounts, they are led to several similar phishing pages, asking them for their credit card details, billing address and email username and password, as per the below:

Wix 2-1


Wix 3-1

Wix 4-1


Once users provide all the required information, their credentials are harvested for later use, and users are redirected to the actual Wix website.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them. Please share this alert with your social media network to help us spread the word around this email scam.

Well-known companies like Wix are popular targets for scammers to impersonate because they are trusted names with large customer bases. Many companies also rely on Wix’s website building services to build their own websites, so receiving an email citing issues with their Wix account will naturally spark concern, motivating recipients to take action quickly.

Here are some techniques that cybercriminals behind this scam have employed to trick users:

  • The use of a display name like “Support” along with the inclusion of the subscription payment amount in the email. These details are common elements of notifications belonging to well-established organisations like Wix, boosting the email’s credibility and helping to convince recipients that there is actually a problem with their payment information,
  • An alarming subject & body; informing recipients in an email titled “Important Alert From Wix” that their account could be cancelled due to billing issues creates a sense of urgency, motivating users to take action immediately without checking on the email’s authenticity, and
  • The incorporation of the company’s logo and branding in the email and in the phishing pages. This helps to enhance the email’s legitimacy, motivating users to think that those pages actually belong to Wix.

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s in-authenticity. These include the fact that the email doesn’t address the recipient directly, and that the domain used in the phishing pages doesn’t belong to Wix.

To stay protected from scams like this, Wix lists the following advice in its support page:

To help identify a phishing attempt, check for the following:

  • Emails send from addresses that might appear official, such as or 
  • Emails that request your personal information. 
  • Emails with links to download or view files from an unfamiliar source. 
  • Emails directing you to an unofficial website. 
  • Emails that contain grammar or spelling errors. 
  • Emails that unnecessarily reference the full names of individuals from the organisation they are attempting to imitate.  

If you think that you have been the target of a phishing attack, let us know immediately by filling out this form. The suspicious site will be removed.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from, and
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 


One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates



Topics: Phishing email scams fraud fastbreak Wix website builder

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all