Fake Canva home page leads to browser lock

In a previous blog post, we showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating. We continue this series with another clever trick abusing Canva, a popular online tool for graphic design.

This time, the scammers registered an account on Canva to create a new design that, is in fact, a replica of the Canva home page. As victims come from a malicious ad, they land on this deceiving page that lures them into interacting with it. The result: as soon as you click on the image, your browser is hijacked with a fake Microsoft alert.

In this blog, we share the details of yet another abuse of the online experience. We have reported this malicious campaign to both Google and Canva.

Convincing search ads

We identified two different advertiser accounts involved in creating fraudulent ads for the design platform Canva. The corresponding ads from both advertisers were displayed at the very top of the Google search page results, as seen in the image below.

There is very little that tells you that those ads are fake, and since most people trust what they see, they will likely be inclined to click on them.

Scammers created a free account on Canva and made a design that looks just like… Canva’s home page. Of all the possible art they could have created, they chose to take a screenshot of Canva’s site and use it as their creation.

This is their “trick”, they want users to think they have landed on the real website and expect them to click on the ‘Start designing’ button:

Malicious URL opens up fake Microsoft alert

If we look at the source code behind that design, we see something rather interesting: a hyperlink to an external site. This means that if you click on the image, a new tab (target=”_blank”) will open at the given URL.

This URL hijacks your browser and claims “Windows locked due to unusual activity”:

Threat actors from different walks of life are leveraging a powerful combo: branded Google ads and decoy pages. This allows them to lure in a large number of potential victims right from search engine to scams or malware.

The bottom line is you simply can’t trust what you see, as everything is made to look legitimate in one way or another. To regain control of their web browsing experience, users need to be more proactive and use any of the tools at their disposal.

Malwarebytes continues to hunt for malvertising schemes and diligently reports them to the platforms that are being abused. For additional protection, we recommend our free Browser Guard extension.