Mozilla has warned developers that a phishing campaign is targeting the AMO (addons.mozilla.org). The browser maker has warned Firefox add-on developers to exercise caution when receiving emails that claim to be from Mozilla/AMO.
I have an account that I use for managing my add-on collections, and received an alert about the phishing campaign.
Mozilla says that the phishing email may state some variation of this, "Your Mozilla Add-ons account requires an update to continue accessing developer features." Users are advised not to click on links in such emails, and to verify if the email passes SPF, DKIM, and DMARC checks.
Take a note of the email sender's address. Mozilla's official domains include firefox.com, mozilla.org, mozilla.com, and their subdomains (e.g. e.mozilla.org). When in doubt, just delete the mail, and go to the official websites directly.
One comment on Mozilla's blog is from Juraj Mäsiar, the developer of Group Speed Dials, who said that he received the phishing email, but it landed in his spam folder. Unfortunately, another developer wasn't so lucky, and seems to have fallen victim to the attack, but have deleted their add-on as a precaution.
Now, I'm not saying the following is linked to the phishing campaign, but there was one user who reported that they received an email from accounts@firefox.com, which claimed that their account will be deleted. But this user never used Firefox. Given the timing of the mail and the alert about the phishing campaign, it is not far-fetched to say they could be linked. Maybe some hackers got their hands on some email database, and are sending mails to users hoping to trick some people.
You should enable 2FA on your Firefox account, if you haven't done so already. Speaking of which, there are a couple of reports that say users were unable to activate 2FA on their account.
If you have signed up for an account to create collections at Firefox AMO, you should be careful. Maybe the hackers got mad about the AMO's terrible new design, eh?
Don't forget to read Martin's article about a new phishing campaign in that hides malicious URLs in Proofpoint, Intermedia wrappers.
Thank you for being a Ghacks reader. The post Mozilla warns about phishing campaign that targets Firefox add-on developers appeared first on gHacks Technology News.
☞ El artículo completo original de Ashwin lo puedes ver aquí
No hay comentarios.:
Publicar un comentario