- Notorious grifter Anna Sorokin reportedly blocked from profiting off Netflix series 5 Months Ago
- Charlottesville attacker’s Twitter account included praise for Hitler 5 Months Ago
- ‘Short Treks’ trailer: Spock, Pike, and Number One return 5 Months Ago
- Everything we know about ‘Star Trek: Lower Decks,’ the new animated show Today 11:55 AM
- Cole Carrigan says he left Team 10 after being called homophobic slur Today 11:32 AM
- Cop under investigation after implying Ocasio-Cortez should be shot Today 11:07 AM
- The ‘Big Little Lies’ finale sucked—but at least we have Renata Today 11:01 AM
- Wendy Davis announces she’s running for Congress Today 10:45 AM
- Please stop being horny on main for #IceBae and other horrible people Today 10:02 AM
- Illinois Republicans share ‘jihad squad’ meme of 4 Dem congresswomen Today 9:05 AM
- How a deepfake gets made Today 8:25 AM
- How to watch ‘Veronica Mars’ season 4 online Today 8:21 AM
- The MCU’s Phase 4 is all about Marvel getting weird Today 7:07 AM
- How alt porn site SuicideGirls gets women to pose naked for free Today 7:00 AM
- Why did the GOP launch a website hyping socialist candidates? Today 6:30 AM
Global Panorama/Flickr (CC-BY-SA)
A security researcher has discovered a new Google Translate phishing attack in which hackers rely on the translating service to deceive their targets.
In a blog post for technology company Akamai, Larry Cashdollar details how the malicious email attempts to steal login credentials for both Google and Facebook. The attack appears as a warning allegedly from Google claiming that someone has logged into your account from a new device.
“A user has just signed in to your Google Account from a new Windows device,” the email states. “We are sending you this email to verify that it is you.”
Those who click the link are sent to a fake Google login page designed to steal usernames and passwords. While the attack contains numerous red flags, including a sender address that uses Hotmail, the login page itself is hidden at the end of a Google translate link.
“Using Google Translate does a number of things; it fills the URL (address) bar with lots of random text, but the most important thing visually is that the victim sees a legitimate Google domain,” Cashdollar wrote. “In some cases, this trick will help the criminal bypass endpoint defenses.”
Cashdollar also notes that those who enter their credentials into the nefarious Google page are then immediately sent to a fake Facebook login.
“The domain hosting the Facebook landing page is different from the domain hosting the Google one, but the two domains are linked via a script being used by the attacker,” Cashdollar said.
As with all phishing attacks, users are urged to examine any email asking for personal information, especially those looking for login details.
“Some phishing attacks are more sophisticated than others. In this case, the attack was easily spotted the moment I checked the message on my computer in addition to seeing it on my mobile device,” Cashdollar added. “However, other, more clever attacks fool thousands of people daily, even IT and Security professionals.”
In an effort to increase the average internet user’s ability to spot malicious emails, Google last month created a free phishing quiz that utilizes the latest techniques used by hackers.
- Secretive company sold cellphone location data to hundreds of bounty hunters
- These popular iPhone apps have been recording your screen without permission
- How to unsend an embarrassing message in Facebook Messenger
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.