Targeted Impersonation and Phishing Attack on Qontour Clients

Incident Overview

Threat actor(s) are leveraging publicly available Qontour agency and client information by cross-referencing our public Webflow Partner Profile with our website and LinkedIn profile(s). By scraping our client portfolio and team member names, they have crafted personalized emails designed to bypass standard spam filters.

This is not the result of a security vulnerability or data breach at Qontour. This is an external social engineering attempt using publicly accessible attribution data. There has been no breach of Qontour’s internal systems, client databases, or Webflow project environments.

Characteristics of the Phishing Attempt

• Sender: Sent from a look-alike Gmail address: qontourteam.webflowpartner@gmail.com.
• Persona: Impersonating Qontour team member(s).
• Tactics: Citing "Webflow Compliance Audits" and "Technical Performance Alignment" to create a false sense of urgency.
• Threat: A 48-hour ultimatum to "unpublish" client sites to mitigate their own "liability."

Our Response

• Direct Confirmation: Qontour will never communicate via a generic Gmail address. All official technical and billing correspondence originates from our @qontour domain.
• Reporting: Qontour has requested that anyone receiving these messages flag them as Phishing in their mail client and report the sender to Google's Abuse team.

Rest assured, client Webflow sites are secure, compliant, and under no risk of disconnection from our end. We have already escalated this incident to Webflow Security and Google Abuse to have the fraudulent account and any associated infrastructure dismantled.

Thank you for your vigilance, and let us know if you have any further questions or concerns.

Gala Aranaga
‍Founder & CEO, Qontour
(formerly Prompt Digital)