Hackers Using Fake Canva Doc to Trick Users

Hackers often utilize popular websites in their phishing attacks as a way to get around the security systems that your organization has in place. If it’s a big familiar name you probably won’t doubt its authenticity.

Recently, Canva, a graphic design platform was manipulated for criminal purposes. Canva offers users ways to create and share visual marketing content.

Cybercriminals are using Canva to create an official-looking document that contains a clickable, malicious link. Creating and storing this document on Canva allows the attackers to get through security measures because Canva is a legitimate website.

According to Knowbe4, once the scammers have created and stored their file on Canva, they will send you an email that includes a link to this malicious file. The email claims the link leads to an important document that needs your attention. However, if you click this link, you are taken to the Canva file and prompted to click another link in order to view the document mentioned in the email. Clicking this second link will redirect you to a phony login page for your email provider. Any data entered on this page will be sent directly to the hackers.

Don’t get duped!

Remember these tips:

• Never click a link in an email that you were not expecting.
• Call the sender to be sure the email and link are legitimate. Do not call the phone number provided within the email as it may be a fake number.
• When you’re asked to log in to an account or online service, navigate to the official website and log in. That way, you can ensure you’re logging in to the real site and not a phony look-a-like.

If you need help with cybersecurity services contact us at [email protected].

Source: Knowbe4

Image Source: https://www.pexels.com/photo/person-holding-silver-iphone-6-5082576/