Mozilla is sounding the alarm over a sophisticated phishing campaign that’s targeting users of its Add-ons platform. If you’ve received an email that looks like it’s from Mozilla — particularly one claiming your account needs to be updated to retain access to developer tools — do not click any links. The company confirmed via a recent blog post that cybercriminals are using convincing tactics to steal login credentials from unsuspecting recipients.
Reports from BleepingComputer suggest that the phishing emails often contain messages such as, “Your Mozilla Add-ons account requires an update to continue accessing developer features,” among other similar variants. These scams are designed to exploit users’ trust in Mozilla’s branding and catch developers off guard by mimicking legitimate security notices.
Unfortunately, this isn’t the first security issue Mozilla has faced this year. The Firefox add-on store has already been plagued with fraudulent cryptocurrency wallet extensions — some of which evaded detection even after the company implemented auto-screening measures. While Mozilla is working to tighten its defenses, the recurring nature of these threats highlights how persistent attackers have become.
Online safety is becoming more difficult to maintain as phishing attempts evolve and crop up in unexpected places. Some even appear in AI-generated content or trusted email platforms. As phishing campaigns grow more advanced, users need to stay alert, verify the legitimacy of all digital messages, and avoid interacting with suspicious content — even if it appears to come from a familiar name.