Phishers hide their sites with Google Translate

BadB



Cybercriminals have come up with an interesting method of hiding the domains of their phishing sites using the Google Translate app. The trick is simple: the attackers send out ordinary phishing emails, but the address of the phishing page is first “run” through the translator, and the resulting Google Translate URL is included in the message instead of a direct link to the malicious page.

When you click a button or link inside the phishing email, you are redirected to the Google Translate portal, where the phishing page is loaded. This method is not very effective on laptops and desktops, as many users will probably find the Google Translate toolbar at the top of the page suspicious, or notice the Google Translate domain when hovering over a link. On mobile devices, however, the trick can work, given the compact look of email clients and browsers: users simply can't hover over links, and the Google Translate toolbar looks a lot like a browser's address bar.

One such phishing campaign was spotted by Akamai specialist Larry Cashdollar last month. The attackers tried to collect logins and passwords for Google and Facebook accounts in one go, quickly redirecting users from the Google login form to the Facebook login page. Although this operation turned out to be not very well thought out, experts recommend that mobile device owners be more careful and check whether links lead to a Google Translate page.
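A mail-filter style check for the trick described above, as an added example that is not part of the original post: it finds links in a message body that point at Google Translate and recovers the page wrapped inside them so the real destination can be scored. The host list, the `translate.goog` hostname decoding and the sample message are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts serving the classic "translate a page" view (not exhaustive).
TRANSLATE_HOSTS = {"translate.google.com", "translate.googleusercontent.com"}
PROXY_SUFFIX = ".translate.goog"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def unwrap_translate_link(url):
    """Return the destination wrapped in a Translate link, or None if there is none."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in TRANSLATE_HOSTS:
        # The wrapped page travels in the "u" parameter; parse_qs percent-decodes it.
        targets = parse_qs(parts.query).get("u")
        return targets[0] if targets else None
    if host.endswith(PROXY_SUFFIX):
        # Assumed host encoding: "." became "-", a literal "-" became "--".
        # The https scheme of the rebuilt URL is also an assumption.
        label = host[: -len(PROXY_SUFFIX)].replace("--", "\0")
        original = ".".join(p.replace("\0", "-") for p in label.split("-"))
        return f"https://{original}{parts.path}"
    return None


def find_wrapped_links(body):
    """Return (link, wrapped_destination) pairs for Translate links in an email body."""
    hits = []
    for link in URL_RE.findall(html.unescape(body)):  # hrefs carry &amp; in HTML mail
        link = link.rstrip(".,);")
        target = unwrap_translate_link(link)
        if target:
            hits.append((link, target))
    return hits


# Constructed sample message; example.test is a reserved, non-routable name.
SAMPLE_BODY = """Your account needs verification:
<a href="https://translate.google.com/translate?sl=auto&amp;tl=en&amp;u=https%3A%2F%2Flogin.example.test%2Fverify">Sign in</a>
Mirror: https://login-example-test.translate.goog/verify?_x_tr_sl=auto
Help: https://support.google.com/accounts
"""

if __name__ == "__main__":
    for link, target in find_wrapped_links(SAMPLE_BODY):
        print(f"Translate-wrapped link -> {target}\n  seen as: {link}")
```

The recovered destination, not the Google hostname, is what should be passed to reputation lookups or shown to the user.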