- Instagram and Facebook are reportedly blocking queer ads Friday 8:58 PM
- Review: Tyler Perry’s ‘A Fall From Grace’ is both nonsensical and utterly predictable Friday 6:48 PM
- Is Hulu censoring the Iran episode of Anthony Bourdain’s ‘Parts Unknown’? Friday 6:05 PM
- Trump admin celebrates Michelle Obama’s birthday by proposing rollback of her signature initiative Friday 4:01 PM
- TSA apologizes after agent grabs indigenous woman’s braids, says ‘giddyup’ Friday 3:28 PM
- Blue Bell ice cream licker pleads guilty Friday 2:54 PM
- 7 fortune-telling sites for when you’re bored Friday 2:21 PM
- Governor bans sex puns on free condom wrappers Friday 2:16 PM
- Is Justin Bieber’s ‘Yummy’ video secretly about Pizzagate? Friday 1:01 PM
- Woah Vicky rips out her hair in botched cultural appropriation attempt Friday 12:30 PM
- Here’s an exclusive look at ‘Weathering With You’ Friday 11:57 AM
- TikTok dudes are dipping their balls in soy sauce for ‘science’ Friday 11:49 AM
- Pete Buttigieg’s denial of fixing bread prices becomes its own meme Friday 11:10 AM
- Houston Astros get torched with buzzer memes after new revelation Friday 10:41 AM
- Teens are eating cereal out of each other’s mouths for clout Friday 10:34 AM
A security researcher has discovered a new Google Translate phishing attack in which hackers rely on the translating service to deceive their targets.
In a blog post for technology company Akamai, Larry Cashdollar details how the malicious email attempts to steal login credentials for both Google and Facebook. The attack appears as a warning allegedly from Google claiming that someone has logged into your account from a new device.
“A user has just signed in to your Google Account from a new Windows device,” the email states. “We are sending you this email to verify that it is you.”
Those who click the link are sent to a fake Google login page designed to steal usernames and passwords. While the attack contains numerous red flags, including a sender address that uses Hotmail, the login page itself is hidden at the end of a Google translate link.
“Using Google Translate does a number of things; it fills the URL (address) bar with lots of random text, but the most important thing visually is that the victim sees a legitimate Google domain,” Cashdollar wrote. “In some cases, this trick will help the criminal bypass endpoint defenses.”
Cashdollar also notes that those who enter their credentials into the nefarious Google page are then immediately sent to a fake Facebook login.
“The domain hosting the Facebook landing page is different from the domain hosting the Google one, but the two domains are linked via a script being used by the attacker,” Cashdollar said.
As with all phishing attacks, users are urged to examine any email asking for personal information, especially those looking for login details.
“Some phishing attacks are more sophisticated than others. In this case, the attack was easily spotted the moment I checked the message on my computer in addition to seeing it on my mobile device,” Cashdollar added. “However, other, more clever attacks fool thousands of people daily, even IT and Security professionals.”
In an effort to increase the average internet user’s ability to spot malicious emails, Google last month created a free phishing quiz that utilizes the latest techniques used by hackers.
- Secretive company sold cellphone location data to hundreds of bounty hunters
- These popular iPhone apps have been recording your screen without permission
- How to unsend an embarrassing message in Facebook Messenger
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.