This time, hackers are trying to lead internet users to phishing websites through Google Translate.
Hackers and cybercriminals keep upping their game and coming up with newer, ingenious methods every now and then since internet users are more informed than ever before. They are now beginning to understand that sharing their OTPs, clicking on dubious links and sharing banking and other details with strangers could land them in trouble.
Phishing attacks usually come in the form of getting internet users to sharing confidential details about themselves by creating fake pages. In the past, hackers mask their efforts to dupe internet users by mimicking popular websites like Netflix to unsuspecting victims into sharing details. Many times, these attacks come in the form of ‘security alerts’ and other ‘warning’ messages.
The crudest phishing scams come in the form of fake pages created by hackers to look like some very popular websites but hosting them on slightly different domains. Like perhaps spottifyy.com.
Hackers Hide Behind Google Translate
This time around, cybercriminals are hiding their fake URL with Google Translate, so that the users begin to feel that the page is original.
Now, this is neither a new method nor a very sophisticated one, though unwary users have fallen prey to it.
In the method being deployed this time, hackers are in fact making use of a very simple trick. The attack targets Google and Facebook accounts and acts by sending malicious emails with a subject line ‘Security Alert’ to users to warn them of an unauthorised sign in from another device. The email, along with the warning message, carries a button with a link to the phishing website. The link, however, leading to their scamming site, first passes through Google Translate in the background.
Wait.
Legit looking site….Bait enough?
Not quite!
It opens the phishing page where users are asked to share their Facebook and Google sign-in credentials. What’s important to note here is that the phishing page looks like Google’s single sign-in page to trick users.
But the trick lies in using Google Translate in the background. Users are redirected to the phishing page through Google Translate, which actually does two things: It fills up the phishing site URL with random text and displays Google’s legitimate domain.
This process of sending unsuspecting internet users to phishing page via Google Translate increases the chances of users falling for the trap as they see Google Domain at the top and gain confidence.