Canva design platform actively abused in credentials phishing


Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages.

Canva is a graphic design platform that lets users create posters, letterheads, holiday cards, and other digital media that can then be downloaded as an image, shared as HTML with clickable links, or printed.

As part of its service, designers can generate shareable URLs so that friends and colleagues can view their work on

Sharing a Canva design
Sharing a Canva design

When sharing designs, a user who clicks on the link will see a full-page view and be able to interact with any embedded links or forms.

Canva’s hosting is abused in phishing scams.

In a new report by cybersecurity firm Cofense, threat actors are increasingly using Canva to create hosted HTML landing pages that are then used to redirect phishing victims to fake login forms.

As you can see from the spam email below, threat actors conduct a Phishing campaign pretending to be SharePoint eFax delivery notification. Embedded in this notification is a link to a phishing landing page hosted on

Phishing email
Phishing email

When a phishing victim clicks on the link, they will be brought to a Canva-designed intermediary HTML page hosted on This landing page pretends to be information about the Fax you received, with a clickable link that states it can be used to review the fax document.

Canva intermediary page
Canva intermediary page

Clicking on the link brings a victim to the final phishing landing page, where they are prompted to log in to see the document.

Phishing landing page
Phishing landing page

As you can expect, any login credentials you enter into this page will be stolen by the attackers.

Why use Canva?

It may be confusing why phishing campaigns are using Canva to host their pages rather than Google Docs, Sheets, or even Dropbox.

The likely reason is that Google and Dropbox have a long history of dealing with malicious threats and have better systems in place to detect and remove them.

Canva, on the other hand, is not designed to be a hosting platform but rather a platform for creating content that is not generally associated with malicious behavior.

Due to this, Cofense has found them to be far less efficient at finding hosted threats, and the landing pages tend to stay active for longer periods.

“Canva is probably aware of the problem, removing malicious files as and when they’re found but, as our research has concluded, many of these malicious files have remained on Canva’s hosted platform for hours and even days at a time. Sites, such as Google where hackers have traditionally hosted their phishing emails, appear to be a lot faster in detecting and removing them, which is another reason threat actors have begun to exploit the Canva platform,” Cofense explains in their report.

Furthermore, using Canva as an intermediary redirect page, when the final phishing landing page is taken down, the attackers can update their Canva designs to point to a new final phishing URL so that their campaign is not broken.

Source link

Recent articles

Blender 2.9 – Rolling Waves Looping Mograph Animation

Tom Latvys writes: In this tutorial, you'll learn how to create a looping mograph animation of some stylized rolling waves, using a few...

Sopra Steria Hit by New Ryuk Variant

French IT services giant Sopra Steria has said it will take weeks to return to normal after a serious ransomware attack forced key...

The Font of Misinformation and Lies at Trump Campaign Rallies

Thank you very — this is great. Hello. How are you? Thank you, everybody. Thank you very much. Thank you. Thank you. And...

RAAF F/A-18A ‘Classic’ Hornet makes final journey to museum | News

A Boeing F/A-18A ‘Classic’ Hornet formerly operated by the Royal Australian Air Force (RAAF) has made its way by road to the Australian...

Jack Ma is making history again with the Ant IPO, and getting even more wealthy while doing it

Financial tech company Ant Group's share sale in Hong Kong and Shanghai — the biggest in history — will catapult Ma to within...

Leave a reply

Please enter your comment!
Please enter your name here