Mozilla has issued a warning to developers who publish browser extensions on its official platform, addons.mozilla.org (AMO), about a new phishing campaign targeting their accounts. The attackers are reportedly sending emails that falsely claim to be from the Mozilla team, attempting to trick developers into giving away their login credentials.
AMO is the central hub for Firefox browser extensions, hosting more than 60,000 add-ons and over 500,000 visual themes. These are used by millions of Firefox users across the world, making the platform a valuable target for cybercriminals.
In its advisory, Mozilla stated that the scam emails are disguised to look like official communication from its staff. The messages often claim that the developer’s account needs to be updated in order to continue using certain features. This tactic is meant to create urgency and increase the chances of the developer clicking on a malicious link.
Mozilla urged developers to be extra cautious and double-check any email they receive related to their add-on accounts. Specifically, it advised checking if the message came from a genuine Mozilla domain such as mozilla.org, mozilla.com, or firefox.com. In addition, developers should make sure that the email passes technical checks like SPF, DKIM, and DMARC, which are designed to verify the sender’s identity.
To avoid falling victim, Mozilla recommends that developers avoid clicking on any links in suspicious emails. Instead, they should
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: