Sometimes, the most effective hacks are the simplest hacks. Targeting users’ inboxes with malicious links that lead to pages harvesting personal data is one of the oldest and most successful attacks around. And now you should be on the lookout for phishing emails that use Google Translate to mask their nefarious nature.
Phishing emails use a variety of approaches that all have the same goal: convincing you to click a link before you’ve properly checked whether it’s safe. This week, a security researcher at Akamai outlined a novel phishing approach they recently encountered in their own inbox, one that routes a disreputable link through Google Translate to disguise it.
In January, the researcher received an email informing them that someone had attempted to access their Google account from an unrecognized Windows device. They first saw the email on their phone and, not recalling any new device, moved over to a laptop to look into it. The red flags became far more apparent once the researcher was no longer staring at the minimal mobile interface.
The body of the email contained what looked like a standard notification from Google directing them to click through to take further steps. The link led to a malicious site designed to trick a user into giving up their Google login details. But in an effort to disguise the link, it was first run through Google Translate, meaning that if you previewed the URL it began with “www.translate.google.com”. For inattentive users, this might give the appearance of legitimacy. Clicking the link takes you to a page inside Google Translate’s interface, and the browser’s address bar still shows a Google URL, because Translate loads the attacker’s page within its own frame. The real destination is visible only in the address shown in Translate’s own toolbar at the top of the page, and anyone who doesn’t notice it could easily be convinced that the login screen asking for their credentials is perfectly legitimate.
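The trick described above is easy to check for mechanically: the URL preview starts with a Google host, but the true landing page is carried either in the `u=` query parameter of a `translate.google.com/translate` link or, for Google’s newer translation proxy, folded into a `*.translate.goog` subdomain. The following is an added example (not code from Akamai or from this post) that unwraps such links and compares the real destination against the brand the email claims to come from. The sample URLs are constructed for the example, and the rule for decoding `translate.goog` subdomains (dots become hyphens, original hyphens are doubled) is an assumption made here from observed links.

```python
"""Unwrap Google Translate proxy links and flag brand mismatches.

Added example; not from the original article. Sample URLs are constructed.
"""
from urllib.parse import parse_qs, parse_qsl, urlencode, urlparse

# Hosts serving the classic "translate this page" form: /translate?u=<target>
TRANSLATE_HOSTS = {"translate.google.com", "www.translate.google.com"}
# Newer proxy form: the original host is encoded into a translate.goog subdomain.
PROXY_SUFFIX = ".translate.goog"


def _decode_goog_host(label):
    """Turn 'evil--login-example' into 'evil-login.example'.

    Assumption in this example: the proxy replaces '.' with '-' and writes an
    original '-' as '--'.
    """
    chunks = label.split("--")
    return "-".join(chunk.replace("-", ".") for chunk in chunks)


def unwrap_translate_link(url):
    """Return (proxied, destination).

    proxied is True when the URL is a Google Translate wrapper. destination is
    the real target (or None if the wrapper carries no target), otherwise the
    input URL unchanged.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()

    if host in TRANSLATE_HOSTS:
        # Classic form: the target sits, possibly percent-encoded, in u=.
        target = parse_qs(parsed.query).get("u", [None])[0]
        return True, target

    if host.endswith(PROXY_SUFFIX):
        # Proxy form: rebuild the original URL, dropping Translate's own
        # _x_tr_* parameters so only the attacker's query survives.
        orig_host = _decode_goog_host(host[: -len(PROXY_SUFFIX)])
        query = [(k, v) for k, v in parse_qsl(parsed.query, keep_blank_values=True)
                 if not k.startswith("_x_tr_")]
        rebuilt = f"https://{orig_host}{parsed.path or '/'}"
        if query:
            rebuilt += "?" + urlencode(query)
        return True, rebuilt

    return False, url


def real_destination(url, max_hops=5):
    """Follow nested Translate wrappers; None if the chain never resolves."""
    for _ in range(max_hops):
        proxied, target = unwrap_translate_link(url)
        if not proxied:
            return url
        if target is None:
            return None
        url = target
    return None


def is_spoofing(url, claimed_host):
    """True when a Translate-wrapped link does not land on claimed_host."""
    dest = real_destination(url)
    if dest is None:
        return True  # a wrapper with no recoverable target is not trustworthy
    host = (urlparse(dest).hostname or "").lower()
    return not (host == claimed_host or host.endswith("." + claimed_host))


# Constructed samples: the first two mimic the wrapped phishing link, the
# third is what a genuine Google notification would link to.
PHISH_CLASSIC = ("https://translate.google.com/translate?sl=auto&tl=en"
                 "&u=https://evil-login.example/google/signin")
PHISH_PROXY = ("https://evil--login-example.translate.goog/google/signin"
               "?_x_tr_sl=auto&_x_tr_tl=en")
GENUINE = "https://accounts.google.com/signin"

if __name__ == "__main__":
    for sample in (PHISH_CLASSIC, PHISH_PROXY, GENUINE):
        print(real_destination(sample), "spoofing google.com:",
              is_spoofing(sample, "google.com"))
```

`parse_qs` already decodes a percent-encoded `u=` value, and `real_destination` bounds the number of hops so a link wrapped in several layers of Translate cannot loop the checker forever.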
The good news is that this particular hacker left plenty of other clues that they were orchestrating a scam. First of all, the email came from a Hotmail address dressed up as Facebook security. Why would Facebook security be contacting you about your Google account, and why would it use a Hotmail address to do so? But even if you didn’t notice that, after you completed the fake Google sign-in you might start getting suspicious when the malicious site next sends you to a Facebook login screen in an attempt to pull off a two-for-one scam.
We’ve reached out to Google to ask if this attack is common and if it has tools in place to help prevent it. We’ll update this post when we receive a reply.
Yes, the attack is sloppy, and the hacker’s greed might tip off even novice users in time for them to contact Google and undo the damage. But these types of criminals are normally targeting thousands of potential victims in the hope of snagging at least a few unlucky people in their trap. Attempting to get multiple logins in one try is risky, but if you’re going to go phishing, you might as well try to catch the biggest phish possible.