Mozilla warns of a phishing campaign exploiting Firefox’s add-on platform to deceive developers.
Firefox owner Mozilla warns of an active phishing campaign. This time, it targets add-on developers rather than web browser users. The phishers pose as the official platform from which developers can add and manage such add-ons.
The attack script reads like a classic phishing attack. Developers receive an email stating they need to update their account. The link leads to a fake page that closely mimics the developer platform. So closely that at least one developer has already clicked the fake link, according to responses to Mozilla’s post.
read also
Phishing Campaign via Firefox Targets Developers
Whether more developers have done so and what they can do afterward is not publicly disclosed by Mozilla. It shares some guidelines to prevent developers from being caught. These are no different from how you recognize and avoid a phishing attack. Critically examine the sender’s address, the URL you’re led to, and never enter login details via a link received by email.
Fake Add-Ons
Add-ons can add useful new features to a browser, but they are often also the target of fraudsters. In the past, add-ons have emerged that tried to steal login credentials or cryptocurrencies from internet users. Mozilla must continuously fight to keep fake extensions out of the Firefox browser.
Today, Firefox has more than 60,000 available extensions and over 500,000 customizable themes that you can download for the browser. The advice here is to do this only via Mozilla’s official page.