Windows 10 News and info | Forum
August 21, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: New Phishing Attack Uses Google Translate as Camouflage  (Read 40 times)
Hero Member
Offline Offline

Gender: Male
United States United States

Posts: 30358

I Do Windows

WWW Email
« on: February 08, 2019, 11:41:31 AM »

A phishing campaign that attempts to steal Google account and Facebook credentials has been discovered that utilizes Google Translate as camouflage on mobile browsers.

According to new research by Larry Cashdollar, a member of Akamai's Security Intelligence Response Team (SIRT), a phishing campaign was discovered that targets both Google and Facebook accounts. What makes this campaign so effective is its use of Google Translate to make the phishing page look like it's from a Google domain, while also making it harder to detect on mobile browsers.

These phishing emails pretending to be alerted from Google with a subject of "Security Alert" and state that they have detected your account being logged into from a new Windows device. It then prompts you to learn more about what they detected by clicking on the "Consult the activity" button.

Phishing email pretending to a Google Alert

When a user clicks on the link, they will be brought to a Google Translate page that opens up a remote phishing site that pretends to be a Google Account login. On desktop browsers, it can easily be spotted that the phishing page is being shown through Google Translate.

Google Account phishing page on a desktop browser.

For mobile browsers, though, it is much harder to detect as Google Translate shows a minimal interface when on mobile devices. Unfortunately, Cashdollar was not able to provide BleepingComputer with an image of how this particular scam looked on a mobile browser, so we created our own test page.

BleepingComputer created a test page containing a fake Google account login and opened it through Google Translate on a mobile browser. As you can see, the Google Translate interface is less noticeable and the page shows that we are visiting a page on the domain To the user this may be more convincing as they see a Google domain rather than a strangely named one.

How Google Translate looks on a mobile device

When the user entered their credentials in the original phishing page, a script will be executed that emails entered information to the attacker. Cashdollar illustrated this in Akamai's labs to show how this data is emailed to the attacker.

Email is sent to the attackers with victim's information

Now that the attackers have the victim's Google Account credentials, they perform another redirect to a Facebook phishing page where they try to get the victim's Facebook username and password as well. Cashdollar stated that this page was not optimized as well for mobile and was more easy to spot that it was a fake.

Redirected Facebook phishing page

As you can see, attackers are constantly coming up with more innovative ways to trick users into providing their credentials. Users have to always remain vigilant that they are entering insensitive information in the correct sites and to always analyze an URL that is opened before doing so.

It is also important to remember that Google, or any other company for that matter, will never ask you to log in through Google Translate or any other translation service.

« Last Edit: February 08, 2019, 11:42:51 AM by javajolt » Logged

Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page February 09, 2019, 10:05:29 AM