Researchers have warned users of a new phishing technique which uses Google Translate to add authenticity to scams.
Akamai security researcher Larry Cashdollar explained in a blog post that he was targeted by this tactic early in the new year, receiving an email telling him his Google account had been accessed from a new Windows device.
Clicking through on the attached link would bring victims to a fake Google log-in page, with the malicious domain loaded through Google Translate.
“Using Google Translate does a number of things; it fills the URL (address) bar with lots of random text, but the most important thing visually is that the victim sees a legitimate Google domain. In some cases, this trick will help the criminal bypass endpoint defenses,” Cashdollar warned.
“However, while this method of obfuscation might enjoy some success on mobile devices (the landing page is a near-perfect clone of Google’s older login portal), it fails completely when viewed from a computer.”
This is because on a full computer screen, users can see the true malicious domain more clearly.
However, if a user falls for the scam, they will not only have their Google log-ins harvested but then be taken to a spoofed Facebook mobile log-in page.
“It isn’t every day that you see a phishing attack leverage Google Translate as a means of adding legitimacy and obfuscation on a mobile device, but it’s highly uncommon to see such an attack target two brands in the same session,” said Cashdollar.
“One interesting side note relates to the person driving these attacks, or at the least the author of the Facebook landing page — they linked it to their actual Facebook account, which is where the victim will land should they fall for the scam.”
He urged users to be more suspicious of unsolicited messages, especially if viewing them on their mobile device, and consider whether the author is trying to create a sense of urgency, fear, or authority to persuade the recipient to click.
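A defender-side check for the URL wrapping described above, added here as an example (not code from the article or from Akamai): it unwraps a visible Google Translate URL to reveal the host a victim would actually reach, so mail-gateway or SOC tooling can judge the real destination rather than the google.com domain shown in the address bar. The proxy URL formats and the hostname encoding handled below are assumptions about how Google Translate proxies third-party pages; verify them against current behaviour before relying on them.

```python
"""Unwrap Google Translate proxy URLs to reveal the real destination host.

Added example, not from the article or from Akamai. The proxy formats below
are assumptions about how Google Translate serves third-party pages.
"""
from urllib.parse import parse_qs, urlsplit

# Hosts assumed to front third-party pages via a 'u=<target>' query parameter.
TRANSLATE_HOSTS = {"translate.google.com", "translate.googleusercontent.com"}
# Assumed newer proxy form: 'evil-example.translate.goog' stands for 'evil.example'.
PROXY_SUFFIX = ".translate.goog"


def unwrap_translate_url(url: str, max_depth: int = 5) -> str:
    """Return the page URL hidden behind a Google Translate proxy.

    Follows nested 'u=' parameters up to max_depth times so a double-wrapped
    link cannot hide its target. A URL that is not a translate proxy is
    returned unchanged.
    """
    for _ in range(max_depth):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host in TRANSLATE_HOSTS:
            # parse_qs already percent-decodes one layer of the 'u' value.
            target = parse_qs(parts.query).get("u", [None])[0]
            if not target:
                return url
            url = target
            continue
        if host.endswith(PROXY_SUFFIX):
            label = host[: -len(PROXY_SUFFIX)]
            # Assumed encoding: '.' became '-', and a literal '-' became '--'.
            real_host = (label.replace("--", "\x00")
                              .replace("-", ".")
                              .replace("\x00", "-"))
            url = parts._replace(netloc=real_host).geturl()  # path/query kept
            continue
        return url
    return url


def true_host(url: str) -> str:
    """Hostname the victim would actually talk to after unwrapping."""
    return (urlsplit(unwrap_translate_url(url)).hostname or "").lower()


def is_translate_proxied(url: str) -> bool:
    """True when the visible URL is a Google Translate proxy for another site."""
    return unwrap_translate_url(url) != url
```

Feed `true_host()` the link from a suspicious message and compare the result with the brand the page claims to be; a Google-branded login page whose true host is not a Google-owned domain is the signal this scam depends on hiding.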