February 7, 2019 at
Hackers have found a new method of redirecting internet users towards phishing websites by exploiting Google Translate, according to security researchers. There have already been several sightings of phishing emails using this technique.
The method is not complex, and it all comes down to a simple trick. Hackers are not changing anything regarding the phishing emails that they are sending. However, the link leading to a phishing website first passes through Google Translate, and the URL generated by the tool is then included in the email instead of the original one.
After clicking on the link, the victims will be redirected to the Google Translate portal, which will load the phishing page, while the Google Translate toolbar remains at the top of the page.
Despite the hackers’ efforts, the new method does not appear to be very effective when performed on desktops. Users are quick to notice that something is wrong, and hovering the mouse over email links is a quick way to determine where the link actually leads, even if masked. Furthermore, the fact that the Google Translate toolbar remains visible at the top of the page is another indicator that the victim is not on the page they expected to see.
However, things might be more dangerous when it comes to mobile devices. For example, on a smartphone, it is not possible to hover over the link and see its true nature. Furthermore, users might mistake the Google Translate toolbar for a phone browser’s address bar, and simply not pay attention to indicators that they are not on the right page.
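The check that hovering provides on a desktop can also be done on the mail-filtering side. The following is an added example, not code from the researchers or from Google: it finds links in a message body that pass through Google Translate and reports the host they really lead to. It assumes the translate.google.com/translate link form, which carries the wrapped page in the u query parameter; the function names and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hosts treated as Google Translate front ends (assumption: extend as needed).
TRANSLATE_HOSTS = {"translate.google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def unwrap_translate_link(url):
    """Return the wrapped destination URL if `url` is a Google Translate
    link, otherwise None."""
    parts = urlsplit(url)
    # Exact host match, so look-alike hosts are not treated as Google.
    if (parts.hostname or "").lower() not in TRANSLATE_HOSTS:
        return None
    # parse_qs also percent-decodes the value of the `u` parameter.
    targets = parse_qs(parts.query).get("u", [])
    if not targets:
        return None
    target = targets[0]
    # Add a scheme when missing so urlsplit can extract the host later.
    if not SCHEME_RE.match(target):
        target = "http://" + target
    return target


def find_wrapped_links(body):
    """Return (link, real_destination_host) for every link in `body`
    that goes through Google Translate."""
    findings = []
    for match in URL_RE.finditer(body):
        link = match.group(0).rstrip(".,;)")
        target = unwrap_translate_link(link)
        if target:
            findings.append((link, urlsplit(target).hostname))
    return findings


# Constructed sample message; example.test is a reserved placeholder domain.
SAMPLE_LINK = ("https://translate.google.com/translate?sl=auto&tl=en"
               "&u=https%3A%2F%2Flogin.example.test%2Fsignin")
SAMPLE_BODY = ("Unusual sign-in detected. Review it here: " + SAMPLE_LINK + "\n"
               "Help: https://accounts.google.com/ is the real sign-in page.\n")

if __name__ == "__main__":
    for link, host in find_wrapped_links(SAMPLE_BODY):
        print("translate-wrapped link leads to:", host)
```

A filter can then apply its usual reputation or allow-list checks to the reported host instead of to google.com.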
The campaign proved to be mostly unsuccessful so far
As mentioned, the campaign was recently discovered, but it appears to have been in use for some time. One example of abusing Google Translate in this way was spotted by Larry Cashdollar, a security researcher at Akamai.
The campaign seems to have been put together rather badly, and it tried to steal both Google and Facebook login information at the same time. It did this by redirecting victims from an alleged Google login page to the Facebook one as soon as the victim filled in their Google login credentials.
The hackers’ attempt to rush the process and obtain more sensitive data at once proved to be a mistake, and most of the targets were alerted by the Facebook login page popping up as soon as they logged into what they believed was their Google account. As soon as the victims realized that they were being targeted by a phishing attack, the majority knew what to do, and they changed their login credentials right away.
The campaign was unpolished a month ago, when Cashdollar reported it, and it appears that it has not changed much since. Even so, those who prefer mobile over desktop browsing should remain on the lookout for similar attempts.