Google Translate is being hijacked by phishers to steal your data
No, you don’t need to log into Google to use the translator
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A new phishing campaign has been discovered impersonatingGoogleTranslate in order to trick victims.
The campaign was spotted by cybersecurity researchers from Avanan, which found numerous phishing emails, some of which were written in Spanish.
The emails are in line with what one can expect from a phishing attack, claiming to have come from the victim’s email provider, stating that theiridentityis not confirmed, and unless they act immediately they’ll lose access to the unread messages.
Lot of Javascript
This is standard practice with phishing emails, the researchers say, as the sense of urgency makes people act irrationally and recklessly, making them more likely to click on a malicious link or download a malicious attachment.
To “confirm” their identity, the victims are told to click on a link provided in the email itself. Those that fall for the scam and do click the link are redirected to a page that looks like Google Translate (which it’s not). However, on top of the page is a login popup box, where the victims should enter their credentials. The username/passwordcombination entered there goes straight to the attackers.
The fake Translate page looks quite authentic, the researchers say, adding that the attackers used “a lot of Javascript” to make it happen. They also included the Unescape command to hide their true intentions, it was said.
Phishing attackers are now using multiple email accounts to start group conversations with you>Phishing attacks are getting more and more sophisticated>Check out the best malware removal tools around
“This attack has a little bit of everything,” the experts conclude. “It has unique social engineering at the front end. It leverages a legitimate site to help get into the inbox. It uses trickery and obfuscation to confuse security services.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To defend from such attacks, users need to be extra vigilant, researchers warn.
As a general rule of thumb, emails that demand urgent action from the user are most likely phishing attacks and should be handled with extra care.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Cisco issues patch to fix serious flaw allowing possible industrial systems takeover
Washington state court systems taken offline following cyberattack
Another reason to avoid edge-lit 4K TVs: they may fail faster than others, according to this report
