Digital behemoths have been working hard to protect information and safeguard their users’ credentials, but phishing attacks still remain an issue. While it is common to attempt phishing scams via email, there are now reports of Google Translate being used to conduct phishing attacks to target a user’s Google as well as Facebook credentials.
As per a report, this recent phishing scam seeks to take over users’ Facebook and Google login details via Google Translate. According to Larry Cashdollar, a security researcher from Akamai Security Intelligence Respond Team who first spotted it said that it uses Google Translate to make the phishing page appear like it’s from a Google domain.
Cashdollar noted that an email with a suspicious Google alert was sent notifying him about an unrecognised Windows device used to sign into his Google account. The phishing emails popped up as alerts with the subject “Security Alert,” as per the report.
Notably, the researcher first saw the email on his phone but rather than opening it on mobile, he tried examining the email on his laptop. The red flags that became ‘apparent’ in the laptop showed the body of the email contained a standard notification from Google directing him to a link to take steps and check out the unusual activity in his account. The link was for a malicious site designed to trick users in giving their Google login details.
Apparently, to mask the explicit nature of phishing, the malicious webpage link was first run through Google Translate. This was done so that the malicious link’s webpage began with translate.google.com. If you are not too attentive, this would be taken to mean a genuine page.
“Using Google Translate does a number of things; it fills the URL (address) bar with lots of random text, but the most important thing visually is that the victim sees a legitimate Google domain. In some cases, this trick will help the criminal bypass endpoint defences. However, while this method of obfuscation might enjoy some success on mobile devices (the landing page is a near-perfect clone of Google’s older login portal), it fails completely when viewed from a computer,” said Cashdollar on the Akamai blog.
If one isn’t too cautious, then he or she would share their Google login credentials which would be sent to the attacker.
If you fall for this scam, the attacker then initiates a second attack — targetting your Facebook account — by asking you to provide your Facebook login details by showing you a Facebook Mobile login screen. The phishing scam then collects information including IP address, location, additional personal information etc.
The phishing mail is being circulated using the email ID: [email protected] This should itself raise your suspicions — why would a ‘Facebook’ email ID using ‘Hotmail’ be warning you about your ‘Google’ account?
Google hasn’t yet commented on the issue. But as a practice, just be more vigilant while opening links or emails which warn you about your Google logins from unknown devices. Check the link if you do get such mails.
The European Union’s GDPR (General Data Protection Regulation) related phishing scams that spread malware and stole personal data by tricking recipients caught attention last year. Researchers at cybersecurity firm Redscan discovered the phishing scam in an email sent by hackers disguised as Airbnb’s customer support.