>
A new phishing campaign masquerading as Google Translate has been discovered to trick victims.
The campaign was noticed by cybersecurity researchers at Avanan, who found numerous phishing emails, some of which were written in Spanish.
The emails correspond to what one would expect from a phishing attack, claiming to come from the victim’s email provider, stating that their identity (opens in new tab) has not been confirmed, and unless they act immediately, they will lose access to the unread messages.
Lots of Javascript
According to the researchers, this is standard practice with phishing emails, because the sense of urgency makes people act irrationally and recklessly, making them more likely to click on a malicious link or download a malicious attachment.
To ‘confirm’ their identity, victims are asked to click on a link in the email itself. Those who fall for the scam and click on the link will be redirected to a page that looks like Google Translate (which it isn’t). However, at the top of the page, there is a login pop-up window where victims are required to enter their login details. The username/password (opens in new tab) combination entered there goes directly to the attackers.
The fake Translate page looks quite authentic, the researchers say, adding that the attackers used “a lot of Javascript” to make it possible. They also added the Unescape command to hide their true intentions, it was said.
“This attack has a little bit of everything,” the experts conclude. “It has unique social engineering on the front. It uses a legit site to get to the inbox. It uses deception and embezzlement to confuse security services.”
To defend against such attacks, users should be extra vigilant, researchers warn.
As a general rule of thumb, emails that require urgent user action are most likely phishing attacks and should be handled with extra care.