- Ann Coulter’s Twitter bio links to a vulgar parody account 1 Week Ago
- Popular YouTube music channel gets income yanked for ‘repetitious’ content Today 4:14 PM
- New website will endlessly generate fake faces thanks to AI Today 3:41 PM
- Man fakes getting stood up at Outback Steakhouse Today 3:03 PM
- FCC looks to tackle robocalls and spoofed texts Today 2:57 PM
- How to protect yourself from the data breach that affected 744 million accounts Today 12:56 PM
- How to stream Rob Brant vs. Khasan Baysangurov online for free Today 12:21 PM
- No, Ocasio-Cortez doesn’t have her boyfriend on her payroll Today 12:20 PM
- Writers want this book canceled for misgendering its protagonist Today 12:15 PM
- Trump Jr’s meme about his dad’s border wall doesn’t get how Congress works Today 11:44 AM
- FBI reportedly looking into Ryan Adams’ communications with underage girl Today 11:25 AM
- Trump does Chinese accent, declares national emergency, bewilders the internet Today 11:21 AM
- Chrissy Teigen throws shade at Logan Paul-Kaitlin Bennett pairing Today 10:48 AM
- Trump says ‘I didn’t need to do this’ while declaring national emergency Today 10:48 AM
- Women sue border patrol for detaining them for speaking Spanish Today 10:20 AM
Global Panorama/Flickr (CC-BY-SA)
A security researcher has discovered a new Google Translate phishing attack in which hackers rely on the translating service to deceive their targets.
In a blog post for technology company Akamai, Larry Cashdollar details how the malicious email attempts to steal login credentials for both Google and Facebook. The attack appears as a warning allegedly from Google claiming that someone has logged into your account from a new device.
“A user has just signed in to your Google Account from a new Windows device,” the email states. “We are sending you this email to verify that it is you.”
Those who click the link are sent to a fake Google login page designed to steal usernames and passwords. While the attack contains numerous red flags, including a sender address that uses Hotmail, the login page itself is hidden at the end of a Google translate link.
“Using Google Translate does a number of things; it fills the URL (address) bar with lots of random text, but the most important thing visually is that the victim sees a legitimate Google domain,” Cashdollar wrote. “In some cases, this trick will help the criminal bypass endpoint defenses.”
Cashdollar also notes that those who enter their credentials into the nefarious Google page are then immediately sent to a fake Facebook login.
“The domain hosting the Facebook landing page is different from the domain hosting the Google one, but the two domains are linked via a script being used by the attacker,” Cashdollar said.
As with all phishing attacks, users are urged to examine any email asking for personal information, especially those looking for login details.
“Some phishing attacks are more sophisticated than others. In this case, the attack was easily spotted the moment I checked the message on my computer in addition to seeing it on my mobile device,” Cashdollar added. “However, other, more clever attacks fool thousands of people daily, even IT and Security professionals.”
In an effort to increase the average internet user’s ability to spot malicious emails, Google last month created a free phishing quiz that utilizes the latest techniques used by hackers.
- Secretive company sold cellphone location data to hundreds of bounty hunters
- These popular iPhone apps have been recording your screen without permission
- How to unsend an embarrassing message in Facebook Messenger
Mikael Thalen is a freelance journalist based in Seattle, covering all things technology, including social media, data breaches, hackers, and more.