
The open source community just got a fresh reminder that even trusted ecosystems like Mozilla’s are not immune to phishing attacks. According to a new alert, bad actors are actively targeting developer accounts on AMO (addons.mozilla.org), attempting to steal credentials by sending convincing but fake emails that impersonate official Mozilla communications.
The fraudulent emails follow a familiar pattern. They claim your developer account “requires an update to continue accessing features,” hoping to scare you into clicking a malicious link. But Mozilla is clear: do not click any links if you’re unsure of the source.
Instead, Mozilla recommends that developers take a few steps to protect themselves. First, check that any messages claiming to be from Mozilla are actually sent from a legitimate domain, such as mozilla.org, firefox.com, or mozilla.com. If an email appears suspicious, it’s smart to check whether it passes SPF, DKIM, and DMARC authentication protocols. Your email client might provide this info under headers or message details.
And even if a message passes those checks, developers are still urged to avoid clicking embedded links. It’s much safer to go directly to addons.mozilla.org by typing the address manually. Under no circumstances should you enter your credentials on any site other than an official Mozilla domain.
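The sender-domain and SPF/DKIM/DMARC checks described above can be scripted against a saved raw message. The following is an added example, not code from Mozilla or from the alert; the receiving server name `mx.recipient.example`, the sample addresses and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains the article lists as legitimate for Mozilla mail.
TRUSTED = ("mozilla.org", "firefox.com", "mozilla.com")

def domain_trusted(domain):
    """True for a listed domain or a true subdomain of one, not a lookalike."""
    d = domain.lower().rstrip(".")
    return any(d == t or d.endswith("." + t) for t in TRUSTED)

def auth_verdicts(msg, authserv_id):
    """Read spf/dkim/dmarc results, but only from headers our own server wrote."""
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        server = header.split(";")[0].split()
        if not server or server[0].lower() != authserv_id.lower():
            continue  # written by another host, so the sender may have forged it
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            if verdicts[method.lower()] != "pass":
                verdicts[method.lower()] = result.lower()
    return verdicts

def assess(raw, authserv_id):
    """Return (from_domain, domain_ok, verdicts, looks_authentic)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    verdicts = auth_verdicts(msg, authserv_id)
    domain_ok = domain_trusted(from_domain)
    # DMARC pass ties SPF/DKIM to the From domain; a lookalike domain can pass it too.
    return from_domain, domain_ok, verdicts, domain_ok and verdicts["dmarc"] == "pass"

# Constructed sample messages (not real mail).
AR = "Authentication-Results: "
GENUINE = (AR + "mx.recipient.example; spf=pass; dkim=pass; dmarc=pass\n"
           "From: Mozilla Add-ons <noreply@mozilla.org>\n\nbody\n")
LOOKALIKE = (AR + "mx.recipient.example; spf=pass; dkim=pass; dmarc=pass\n"
             "From: Mozilla Add-ons <noreply@mozilla.org.account-update.example>\n\nbody\n")
FORGED = (AR + "mx.recipient.example; spf=fail; dkim=none; dmarc=fail\n"
          + AR + "mx.sender.example; spf=pass; dkim=pass; dmarc=pass\n"
          "From: Mozilla Add-ons <noreply@mozilla.org>\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("lookalike", LOOKALIKE), ("forged", FORGED)):
        print(name, assess(raw, "mx.recipient.example"))
```

A passing result here only says the message is consistent with a Mozilla sender; the advice to type addons.mozilla.org manually still applies.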
Phishing campaigns like this aren’t new, obviously, but their targeting of trusted platforms is becoming more brazen. Mozilla says it will share updates if new information becomes available. In the meantime, if you’re unsure about something in your inbox, it’s worth revisiting basic phishing hygiene.
For add-on developers whose work helps extend and secure the web, vigilance is no longer optional. Stay sharp, stay skeptical, and don’t let a spoofed email be the weakest link.