Cybercriminals are getting smarter with every passing day.
This time, hackers are trying to lead internet users to phishing websites through Google Translate.
Hackers and cybercriminals keep upping their game and coming up with newer, ingenious methods every now and then since internet users are more informed than ever before. They are now beginning to understand that sharing their OTPs, clicking on dubious links and sharing banking and other details with strangers could land them in trouble.
Phishing attacks usually come in the form of getting internet users to sharing confidential details about themselves by creating fake pages. In the past, hackers mask their efforts to dupe internet users by mimicking popular websites like Netflix to unsuspecting victims into sharing details. Many times, these attacks come in the form of ‘security alerts’ and other ‘warning’ messages.
The crudest phishing scams come in the form of fake pages created by hackers to look like some very popular websites but hosting them on slightly different domains. Like perhaps spottifyy.com.
Hackers Hide Behind Google Translate
This time around, cybercriminals are hiding their fake URL with Google Translate, so that the users begin to feel that the page is original.
Now, this is neither a new method nor a very sophisticated one, though unwary users have fallen prey to it.
In the method being deployed this time, hackers are in fact making use of a very simple trick. The attack targets Google and Facebook accounts and acts by sending malicious emails with a subject line ‘Security Alert’ to users to warn them of an unauthorised sign in from another device. The email, along with the warning message, carries a button with a link to the phishing website. The link, however, leading to their scamming site, first passes through Google Translate in the background.
Legit looking site….Bait enough?
It opens the phishing page where users are asked to share their Facebook and Google sign-in credentials. What’s important to note here is that the phishing page looks like Google’s single sign-in page to trick users.
But the trick lies in using Google Translate in the background. Users are redirected to the phishing page through Google Translate, which actually does two things: It fills up the phishing site URL with random text and displays Google’s legitimate domain.
This process of sending unsuspecting internet users to phishing page via Google Translate increases the chances of users falling for the trap as they see Google Domain at the top and gain confidence.
The attack is more difficult to spot if users are on mobile devices, where the URL is compressed enough to look authentic at first glance. On a computer, however, there are reasons enough to warn a cautious user of the hidden dangers.
Like, seeing the Google Translate toolbar unnecessary at the top of the phishing page or hovering the mouse over the links mentioned in their phishing emails to see the Google Translate page, must ring the warning bell.
On mobile devices where the compact layout of email clients makes it impossible for users to hover around the links, the scam becomes virtually impossible to spot.
One such scam making use of the Google Translate page to hide phishing emails was first spotted by Akamai researcher Larry Cashdollar last month.
How To Spot Such Phishing Emails?
Most phishing attacks are made to look authentic by the brains working 24X7 on scamming people. But they are not impossible to detect if internet users pay a little attention to detail. They must check the senders of all suspicious looking emails before clicking on any links and also try to spot errors if any.
Phishing emails can have different errors, and you need to have a discerning eye to be able to spot them. This one which is not too sophisticated, for example, uses ‘firstname.lastname@example.org’ to warn users about unauthorized login.
First of all, why would Facebook security go about warning users about sign in to their Google accounts?
And then, that too using a Hotmail address to do it…?
Now, that is not all! Even if users fail to take notice of this, they are led to a Facebook login screen after they complete their Google sign in.
The hackers probably got a little greedy here and tried to pull off a double scam but a few unlucky ones always end up getting trapped.
“We are aware of the phishing attempts and have blocked all sites in question, on multiple levels. If users encounter a phishing site, they can report them at this URL and we will take appropriate action: google.com/safebrowsing/report_phish/,” said a Google spokesperson.
Google also shared that when users share these phishing URLs, they are added to the list of blacklisted sites.
The rising number of cyber attacks is the biggest problem for individuals and companies. A recently published report highlights some of the core reasons behind the rising number of reported cyber attacks.