A newly discovered phishing attempt used Google Translate to fool users by concealing the actual domain of malicious websites. A security researcher from Akamai found this new social engineering strategy after he received an unsolicited email saying that someone had accessed his Google account from another Windows device.
The email has a rather convincing interface, and it prompts the user to verify their identity by tapping on the “Consult the activity” button. However, the message came from a Hotmail email address rather than from Google itself. Pressing the embedded button takes users to a fake login page that mimics the landing form seen on Google websites. Interestingly, after the victim enters their Google account credentials, they are sent on to another landing page on a different domain that looks like an old mobile login page of Facebook, likely to also get the victim’s account details on the social networking site. In addition to the login credentials, the website may also obtain the IP address, the location, and the type of browser of the user.
The people behind this new phishing attempt used Google Translate to hide the actual domain of the phishing website. This strategy is more effective on users who view their accounts on mobile devices. While the actual URL has a long string of random letters and numbers, people on mobile devices will only see a Google domain, which may convince them that they are looking at a legitimate Google landing page.
Using Google Translate may also allow malicious websites to bypass network defenses, which may treat the login page as coming from a legitimate Google website. The method is less likely to work on desktops, since the browser shows the full Google Translate URL and the Google Translate bar appears on top of the fake login page.
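A link filter avoids the gap described above if it judges the wrapped page instead of the Google host in front of it. The sketch below is an added example, not code from the article or from the researcher; it assumes the Translate proxy carries the wrapped page in the `u` query parameter of `translate.google.com`, and the `.example` URLs are constructed samples.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption (not from the article): the Google Translate web proxy carries
# the page being translated in the "u" query parameter.
TRANSLATE_HOSTS = {"translate.google.com"}
TRUSTED_SUFFIXES = (".google.com",)  # hosts allowed to serve a Google sign-in

def unwrap_translate(url, max_depth=5):
    """Peel Translate wrappers (also nested ones) and return the inner URL."""
    for _ in range(max_depth):
        parts = urlsplit(url)
        if (parts.hostname or "").lower() not in TRANSLATE_HOSTS:
            return url
        inner = parse_qs(parts.query).get("u")
        if not inner:
            return url  # Translate itself, nothing wrapped
        url = inner[0] if "://" in inner[0] else "http://" + inner[0]
    return url

def is_trusted(host):
    """True for google.com and its subdomains, not for look-alikes."""
    host = host.lower().rstrip(".")
    return any(host == s[1:] or host.endswith(s) for s in TRUSTED_SUFFIXES)

def classify(url):
    """Return (verdict, effective_host) for a link from mail or proxy logs."""
    target = unwrap_translate(url)
    real = (urlsplit(target).hostname or "").lower()
    if target != url and not is_trusted(real):
        return "wrapped-untrusted", real  # Google host shown, other site served
    return ("trusted" if is_trusted(real) else "untrusted"), real

# Constructed sample links (not taken from the campaign).
SAMPLES = [
    "https://translate.google.com/translate?hl=en&sl=auto&tl=en"
    "&u=http%3A%2F%2Flogin-check.example%2Fa8f3k2%2F",
    "https://accounts.google.com/signin",
    "https://evilgoogle.com/signin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify(link), link)
```

A mail gateway or proxy log job can score the `effective_host` against its usual reputation and allow-list rules instead of the `translate.google.com` host the user sees.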
Google and Facebook users have been the subjects of several phishing attempts over the last few years, with some attackers executing more elaborate efforts. Back in 2017, an email impersonating Google Docs became widespread. The message contained a link to a fake Docs app that looked remarkably similar to the actual Google service. If the user granted access to email information, the attackers then sent the same message to all of the person’s contacts.
In another attempt in 2017, a group of Russian hackers known as Fancy Bear gained access to sensitive email information of several high-profile individuals by distributing fake apps like “Google Defender”. Meanwhile, malware distributed last year successfully obtained the login credentials of more than 45,000 Facebook users.
Even if attackers succeed in obtaining the login credentials of the victim, people may still prevent malicious individuals from taking over their accounts by using two-factor authentication and recovery emails or mobile devices. Two-factor authentication adds another step to the login process, and it prevents people from accessing their accounts unless they provide the code sent through a text message or by an authenticator app, respond to a prompt on a trusted device, or attach a hardware key to their computers or smartphones. In the case of account compromise, a recovery email or mobile device will allow users to block people who access the account without permission.
As phishing attempts become more elaborate, security researchers and tech giants repeatedly ask users to be vigilant against efforts by attackers to gain access to their accounts and possibly steal sensitive information. However, given that phishing attempts can fool even IT and security professionals, it is also important that people take steps to prevent malicious individuals from taking over their accounts.