Mozilla has discovered a phishing campaign targeting add-on developers. Malicious actors are attempting to gain access to developer accounts via fake messages claiming that accounts need to be updated. Mozilla advises extreme caution when dealing with suspicious emails.
Mozilla has shared a series of measures to protect developers from this attack. The organization strongly advises against clicking on links in suspicious emails. Developers should check whether messages actually originate from a Mozilla domain: firefox.com, mozilla.org, mozilla.com, or their subdomains.
In addition, emails must pass SPF, DKIM, and DMARC checks. Users can find out how to verify this in their email provider's documentation. Mozilla advises always validating links before opening them, or better yet, navigating directly to mozilla.org or firefox.com instead of following email links.
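The sender-domain and SPF/DKIM/DMARC checks described above can be automated for a saved message. The sketch below is an added example, not code from Mozilla. It assumes the receiving mail server records its verdicts in an `Authentication-Results` header under the hostname `mx.mail.example`; that hostname, the function names, and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains named in Mozilla's advice; their subdomains also count.
MOZILLA_DOMAINS = ("firefox.com", "mozilla.org", "mozilla.com")

def is_mozilla_domain(domain):
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in MOZILLA_DOMAINS)

def auth_verdicts(msg, trusted_authserv_id):
    """Read spf/dkim/dmarc results only from Authentication-Results headers
    stamped by our own mail server; a sender can forge any other copy."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = header.partition(";")
        if authserv_id.strip().lower() != trusted_authserv_id.lower():
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", results, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def check_message(raw, trusted_authserv_id):
    """Return a list of reasons to distrust the message (empty if none)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    verdicts = auth_verdicts(msg, trusted_authserv_id)
    problems = []
    if not is_mozilla_domain(from_domain):
        problems.append(f"From domain {from_domain!r} is not a Mozilla domain")
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            problems.append(f"{method} = {verdicts.get(method, 'missing')}")
    return problems

# Constructed sample messages (not real mail); mx.mail.example is our server.
LEGIT = ("Authentication-Results: mx.mail.example; spf=pass; dkim=pass header.d=mozilla.org;\n"
         " dmarc=pass header.from=mozilla.org\nFrom: Mozilla <addons@mozilla.org>\n\nbody\n")
PHISH = ("Authentication-Results: mx.mail.example; spf=pass; dkim=none; dmarc=fail\n"
         "From: Mozilla Add-ons <accounts@mozilla-addons.example>\n\nbody\n")
FORGED = ("Authentication-Results: attacker.example; spf=pass; dkim=pass; dmarc=pass\n"
          "From: Mozilla <addons@mozilla.org>\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("phish", PHISH), ("forged", FORGED)):
        print(name, check_message(raw, "mx.mail.example"))
```

A passing SPF result alone is not enough: the constructed phishing sample passes SPF for its own lookalike domain but still fails the domain and DMARC checks.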
Fake messages imitating Mozilla
The phishing emails contain typical phrases such as “Your Mozilla Add-ons account requires an update to continue accessing developer features.” These fake messages are designed to trick developers into revealing their login details. The attack specifically targets creators of browser extensions that use Mozilla’s official distribution platform.
A crucial rule is that Mozilla usernames and passwords should only be entered on mozilla.org or firefox.com. Mozilla explicitly advises against clicking on any links. Further information on recognizing phishing is available from the US Federal Trade Commission and the UK National Cyber Security Centre.