Canva Served Notice as Criminals Misuse Design Platform for Phishing, Experts Warn of Other Apps Too

The Indian Cybercrime Coordination Centre (I4C), under the Ministry of Home Affairs, has identified Canva phishing domains being used for hosting criminal activities such as creating fraudulent documents. Canva is a global online visual communications platform featuring easier options for users to use wide range of templates ranging from presentations, documents, websites, social media graphics, posters, etc. The company is headquartered in Australia.

News18 sent an email to Canva, but there was no response from the company till the publication of this report.

It is important to note that apart from Canva, there are several other graphic designing tools that are available online, which can be used for similar illegal activities. It is, however, unclear if any other platforms are also under the scanner of I4C.

According to Amit Prasad, founder and CEO, SatNav Technologies, “there are hundreds of applications in the IT world today which can be used for frauds”. “A couple of decades ago it used to be basic MS Office editing to fake an experience letter or a salary slip, now it has evolved. How those companies will be held liable and whether it will stand judicial scrutiny is yet to be seen because it is not right to blame them. They control the ability to design, they don’t control its end usage which might be criminal in nature.”

Canva, which has now 170 million users across 190 countries, is available online and is free to use for most, making it easier to abuse the platform. As of March 2024, Canva said that it only has 17 million paid users out of its 170 million users.

A notice has been issued to Canva, urging action against such misuse, seeking required action against such activities. This abuse of Canva’s services includes the creation of fraudulent documents, phishing materials, and other types of malicious content, a senior official told News18 on the condition of anonymity.

A senior official has been appointed to represent the department to issue Notice U/s 79 (3) (b) of Information Technology Act-2000 r/w 3(1) (d) of IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, to disable access and or remove the information identified in the enclosed videos/document as soon as possible and in given hours, without vitiating the evidence in any manner.

The centre, which coordinates with all the agencies regarding cyber frauds, has also said that failure to remove the above content may render the platform to “lose intermediary exemptions as provided under the IT Act and rule 7 of the IT Rules”.

Sources in the ministry said that various criminals are using Canva for phishing and cyber frauds on the pretext of giving help on a wide range of issues. Sources said by calling or clicking on the link of dubious websites that have created their templates on Canva, persons who need different types of cyber, job, or finance-related help get into trouble as criminals dupe them.

The company, meanwhile, claims that it provides templates ranging from presentations, documents, websites, social media graphics, posters, apparel to videos, plus a huge library of fonts, stock photography, illustrations, video footage, and audio clips, and “anyone can take an idea and create something beautiful on Canva on any device, from anywhere in the world”.