Google Translate used in latest phishing campaign
An ongoing phishing campaign steals victims' Facebook and Google credentials and hides its malicious landing page behind Google Translate. According to researchers, the campaign uses a two-stage attack to target both Google and Facebook usernames and passwords. The scam also evades detection by burying its landing page in a Google Translate page: victims see a legitimate Google domain and are more likely to input their credentials. This is an interesting attack, as it uses Google Translate and targets multiple accounts in one swoop.
The attack starts with an email notification informing victims that their Google account has been accessed from a new Windows device. The message, titled “Security Alert,” has a Google-branded image that states, “A user has just signed in to your Google Account from a new Windows device. We are sending you this email to verify that it is you.” At the bottom of the message, there is a “Consult the activity” button. The message looked more convincing in its condensed state on mobile devices than on a desktop, where the title of the email sender is seen. Upon closer look at the email, we can see that the message was sent from “facebook_secur[@]hotmail.com,” which has nothing to do with Google.
Taking advantage of known brand names is a common phishing trick, and it usually works if the victim isn't paying attention. Phishing attacks aim to throw people off, so they use fear, curiosity, or even false authority to make the victim click first and question later. When clicking on the “Consult the activity” button, victims are brought to a page that looks like a Google domain, prompting them to sign in to their Google account. The landing page, however, loads the fake site via Google Translate.
Using Google Translate helps the hackers hide their malicious attempts in several ways. The victim sees a legitimate Google domain, which may also help the hacker bypass endpoint security. Using Google Translate also fills the URL bar with random-looking text. When researchers looked into the text, they could see the "mediocrity" domain being translated. While this method of obfuscation might have some success on mobile devices, it fails when viewed from a computer. Users who fail to notice the red flags have their credentials collected and emailed to the hacker.
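The check below is an added example, not code from the researchers or the original article: it unwraps links that route a page through Google Translate and reports the host that is really being displayed, which is what a mail filter or proxy log review would need to look at. It assumes the link uses the translate.google.com/translate?...&u=<target> form; the sample links, the trusted-host list and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Hosts that serve Google Translate's page-translation proxy (assumed set).
TRANSLATE_HOSTS = {"translate.google.com", "translate.googleusercontent.com"}
MAX_DEPTH = 5  # stop unwrapping after this many nested wrappers


def unwrap_translate_url(url):
    """Return the URL actually rendered through Google Translate,
    or None when `url` is not a translate-proxy link."""
    target = None
    for _ in range(MAX_DEPTH):
        parts = urlsplit(url)
        if (parts.hostname or "").lower() not in TRANSLATE_HOSTS:
            break
        # parse_qs percent-decodes the value; the wrapped page is in `u`.
        wrapped = parse_qs(parts.query).get("u", [""])[0]
        if not wrapped:
            break
        target = url = wrapped if "://" in wrapped else "http://" + wrapped
    return target


def flag_links(links, trusted_hosts):
    """Return (link, wrapped_host) for translate links whose real
    destination is not a trusted host or a subdomain of one."""
    findings = []
    for link in links:
        target = unwrap_translate_url(link)
        if target is None:
            continue
        host = (urlsplit(target).hostname or "").lower()
        trusted = any(host == t or host.endswith("." + t) for t in trusted_hosts)
        if not trusted:
            findings.append((link, host))
    return findings


# Constructed sample links, as they might be extracted from an e-mail body.
SAMPLE_LINKS = [
    "https://accounts.google.com/signin",
    "https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Fphish.example%2Flogin",
    "https://translate.google.com/translate?hl=en&u=en.wikipedia.org/wiki/Phishing",
]


if __name__ == "__main__":
    for link, host in flag_links(SAMPLE_LINKS, {"wikipedia.org"}):
        print(f"translate-wrapped link resolves to {host}: {link}")
```

A login form reached through a translate-wrapped link is worth flagging regardless of the wrapped host, since a genuine sign-in page has no reason to be served this way.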
Phishing scams have grown over the past year, and this particular scam is only one example of how the hackers behind them are updating their methods. According to a recent Proofpoint report, 83 percent of respondents experienced phishing attacks in 2018. Up to 49 percent of respondents said they have experienced “voice phishing,” where hackers use the phone to gain access to personal data, or “SMS/text phishing,” where text messages are used to collect personal data.