Fake Figma / Canva design file share credential phishing — impersonates Figma, Canva, Adobe XD, or Sketch with a fake "someone shared a design with you" notification requiring Google or Microsoft sign-in on a non-official domain; designers receive legitimate file-share invitations constantly and have been conditioned to click without verifying the sender domain; Proofpoint 2024: Figma impersonation phishing up 300%; Cofense 2024: design-tool lures are the fastest-growing new phishing category in tech industries

Phishing emails impersonating Figma, Canva, Adobe XD, or Sketch with a fake "someone shared a design file with you" or "you have been invited to view a prototype" notification that requires Google or Microsoft 365 credential sign-in on a non-official domain — enabling full account takeover for the design team's workspace, connected apps, and shared asset libraries. Key facts: (1) Proofpoint 2024: Figma impersonation phishing increased 300% as remote design collaboration became the default workflow for product, marketing, and engineering teams; Cofense 2024: design-tool lures represent the fastest-growing new phishing category in creative and tech industries, driven by the high frequency of legitimate file-share emails that condition recipients to click without verifying sender domains; (2) The attack is particularly effective because legitimate Figma, Canva, and Adobe XD file-share emails are received daily by designers, product managers, and marketers — the conditioning is so strong that recipients rarely check whether "noreply@figma-design-share.com" differs from "noreply@figma.com"; the email layout closely mimics the real Figma/Canva notification format, including design thumbnail previews and "Open in Figma" button styling; (3) The credential goal goes beyond just the design account: because most Figma and Canva logins are "Sign in with Google" or "Sign in with Microsoft," the harvested credentials give the attacker access to the victim's Google or Microsoft account — full email, calendar, Drive/OneDrive, and all SaaS apps authorized under those accounts; (4) Legitimate Figma notifications arrive only from no-reply@figma.com; Canva from team@canva.com or similar @canva.com addresses; Adobe from email.adobe.com — and they never require the recipient to re-enter Google or Microsoft account passwords to open a shared design. Warning signs: sender domain not figma.com, canva.com, or adobe.com; "view design" requires Google/Microsoft login on a non-official domain; no specific design file name, designer name, or project context visible before signing in.