Experts have found a new phishing campaign that has been targeting people who use Google Translate. Security expert Larry Cashdollar from Akamai’s Security Intelligence Response Team (SIRT), tweeted about the research on Tuesday.
Finally, I get to collaborate with @SteveD3 on some research -> Phishing Attacks Against Facebook / Google via Google Translate – Akamai Security Intelligence and Threat Research Blog https://t.co/0oif3jBKOa
— Larry W. Cashdollar (@_larry0) February 5, 2019
The targets of this phishing campaign are both Facebook and Google accounts. The use of the Google Translate app allows hackers to use a fake phishing page from a Google domain.
When Google Translate is used, an email is sent from what appears to be Google, telling users their account was accessed from a new Windows device.
On the email, is a button for the user to ‘Consult the Activity’ to find out more information about the threat. If the user clicks on the link, it will take them to another page asking for their Google login.
If the user adds their login details, the page will then send them to the attackers via email. The hackers then use these credentials to launch a second phishing attack on the users Facebook account.
Easily Detected on Desktop
If the message is accessed via a web browser on a desktop machine, then the user can easily see the Google Translate toolbar. This will make it easier for the user to see that this isn’t a genuine login page. Users on mobile devices are not so fortunate, because it isn’t as easy to see where the page originates.
It has also been noted that the login page is an older version of the one Google now uses.
Cashdollar concluded that: “Some phishing attacks are more sophisticated than others. In this case, the attack was easily spotted the moment I checked the message on my computer in addition to seeing it on my mobile device. However, other, more clever attacks fool thousands of people daily, even IT and Security professionals.”
He goes on to say that “The best defence is a good offence” and that it’s important to check these messages carefully.
Latest posts by Steven Daws (see all)
- Another Commercial WordPress Plugin Gets Exploited - February 17, 2019
- A Further 127 Million User Records Found For Sale on The Dark Web - February 15, 2019
- Google Play Store Malicious App Detection Up By Over 50% - February 14, 2019