New Phishing Attack Uses Google Translate as Camouflage

by chebbi abir

A phishing campaign that uses Google Translate as camouflage on mobile browsers has been discovered attempting to steal Google account and Facebook credentials.

According to new research by Larry Cashdollar, a member of Akamai’s Security Intelligence Response Team (SIRT), a phishing campaign was discovered that targets both Google and Facebook accounts. What makes this campaign so effective is its use of Google Translate to make the phishing page look like it’s from a Google domain, while also making it harder to detect on mobile browsers.

These phishing emails pretend to be alerts from Google with the subject “Security Alert” and state that your account was logged into from a new Windows device. They then prompt you to learn more about what was detected by clicking on the “Consult the activity” button.

Phishing email pretending to be a Google Alert

When a user clicks on the link, they will be brought to a Google Translate page that opens up a remote phishing site that pretends to be a Google Account login. On desktop browsers, it can easily be spotted that the phishing page is being shown through Google Translate.

Google Account phishing page on a desktop browser.

For mobile browsers, though, it is much harder to detect as Google Translate shows a minimal interface when on mobile devices. Unfortunately, Cashdollar was not able to provide BleepingComputer with an image of how this particular scam looked on a mobile browser, so we created our own test page.

BleepingComputer created a test page containing a fake Google account login and opened it through Google Translate on a mobile browser. As you can see, the Google Translate interface is less noticeable and the page shows that we are visiting a page on the domain To the user this may be more convincing as they see a Google domain rather than a strangely named one.

How Google Translate looks on a mobile device

When the user enters their credentials in the original phishing page, a script is executed that emails the entered information to the attacker. Cashdollar reproduced this in Akamai’s labs to show how the data is emailed to the attacker.

Email being sent to the attackers with victim's information

Now that the attackers have the victim’s Google Account credentials, they perform another redirect to a Facebook phishing page where they try to get the victim’s Facebook username and password as well. Cashdollar stated that this page was not as well optimized for mobile and was easier to spot as a fake.

Redirected Facebook Phishing Page

As you can see, attackers are constantly coming up with more innovative ways to trick users into providing their credentials. Users must always remain vigilant that they are entering sensitive information on the correct sites and should always analyze a URL that is opened before doing so.

It is also important to remember that Google, or any other company for that matter, will never ask you to log in through Google Translate or any other translation service.
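
One way a mail filter could act on this advice, as an added example that is not from the original article or from Akamai's research: flag links that load a non-Google page through Google Translate. The translate host names and the `u` query parameter are assumptions based on commonly seen Google Translate link forms, and the sample links are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: these hosts and the "u" parameter reflect commonly seen
# Google Translate link forms; the article itself does not list them.
TRANSLATE_HOSTS = {"translate.google.com", "translate.googleusercontent.com"}
GOOGLE_SUFFIXES = (".google.com", ".googleusercontent.com")

# Constructed sample links, as they might appear in an email body.
SAMPLE_LINKS = [
    "https://translate.google.com/translate?sl=auto&tl=en"
    "&u=https%3A%2F%2Faccounts-check.example.test%2Flogin",
    "https://accounts.google.com/signin",
    "https://translate.google.com/translate?sl=fr&tl=en"
    "&u=https://support.google.com/accounts",
]


def wrapped_target(url):
    """Return the URL wrapped by a Google Translate link, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in TRANSLATE_HOSTS:
        return None
    targets = parse_qs(parts.query).get("u")  # parse_qs percent-decodes
    return targets[0] if targets else None


def is_google_host(host):
    """True only for google.com itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == "google.com" or host.endswith(GOOGLE_SUFFIXES)


def check_link(url):
    """Classify one link: ("ok" | "suspicious", wrapped host or None)."""
    target = wrapped_target(url)
    if target is None:
        return ("ok", None)
    # A wrapped value without a scheme would parse with an empty hostname.
    if "://" not in target:
        target = "http://" + target
    inner_host = urlsplit(target).hostname or ""
    verdict = "ok" if is_google_host(inner_host) else "suspicious"
    return (verdict, inner_host)


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(check_link(link), link)
```

A login-themed message whose button resolves to a "suspicious" result matches the pattern described in this campaign and can be quarantined or rewritten to show the wrapped host.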


