Canva design platform actively abused in credentials phishing

guest · Oct 14, 2020

Canva design platform actively abused in credentials phishing
October 14, 2020
https://www.bleepingcomputer.com/ne...form-actively-abused-in-credentials-phishing/

Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages.

Canva is a graphic design platform that lets users create posters, letterheads, holiday cards, and other digital media that can then be downloaded as an image, shared as HTML with clickable links, or printed.
As part of its service, designers can generate shareable URLs so that friends and colleagues can view their work on canva.com.
Click to expand...

Canva's hosting is abused in phishing scams.
In a new report by cybersecurity firm Cofense, threat actors are increasingly using Canva to create hosted HTML landing pages that are then used to redirect phishing victims to fake login forms.

As you can see from the spam email below, threat actors conduct a Phishing campaign pretending to be SharePoint eFax delivery notification. Embedded in this notification is a link to a phishing landing page hosted on canva.com.

Clicking on the link brings a victim to the final phishing landing page, where they are prompted to log in to see the document.
As you can expect, any login credentials you enter into this page will be stolen by the attackers.
Click to expand...

Cofense: Threat Actors Use Canva Templates for Credential Phishing

Over the past weeks, the Cofense Phishing Defense Center (PDC) has seen an increase in the number of attackers deploying Australian design platform Canva in their attempts to trick unwitting recipients into giving up their login credentials for a number of well-known email platforms.
Click to expand...

Log in or Sign up

Canva design platform actively abused in credentials phishing

guest Guest

Log in or Sign up

Canva design platform actively abused in credentials phishing

guest Guest

Useful Searches