Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages. Canva lets users create posters, letterheads, holiday cards, and other digital media that can then be downloaded as an image, shared as HTML with clickable links, or printed. Threat actors are increasingly using Canva to create hosted HTML landing pages that are then used to redirect phishing victims to fake login forms. A new report by cybersecurity firm Cofense says Canva’s hosting is abused in phishing scams.
Source: https://www.bleepingcomputer.com/news/security/canva-design-platform-actively-abused-in-credentials-phishing/