- #JusticeForLucca trends after video shows police slam Black teen’s head into pavement 2 Months Ago
- The internet is shocked to learn that Goombas do, in fact, have arms Today 2:02 PM
- PayPal, GoFundMe cut off armed militia that detains migrants at border Today 1:16 PM
- Barnwood theft may be on the rise because of ‘Fixer Upper’—and fans aren’t having it Today 12:23 PM
- Literary Twitter calls out Dzanc Books for Islamophobic, racist novel Today 11:40 AM
- How to watch Crawford vs. Khan online Today 10:00 AM
- Beyoncé has 2 more projects coming to Netflix after ‘Homecoming’ Today 9:53 AM
- How to watch Danny Garcia vs. Adrian Granados for free Today 9:00 AM
- The ‘Feeling Cute Challenge’ turns ugly after correctional officers abuse it Today 7:30 AM
- How to watch ‘How High 2’ for free Today 7:00 AM
- Swipe This! My ex-BFF keeps sliding into my DMs, but I don’t want to be friends Today 6:30 AM
- Watch ‘I Am Somebody’s Child: The Regina Louise Story’ for free Today 6:00 AM
- How to watch Barcelona vs. Real Sociedad for free Today 6:00 AM
- How to stream UFC Fight Night 149 for free Today 5:30 AM
- PDF Association dunks on Mueller report PDF Friday 7:33 PM
Global Panorama/Flickr (CC-BY-SA)
A security researcher has discovered a new Google Translate phishing attack in which hackers rely on the translating service to deceive their targets.
In a blog post for technology company Akamai, Larry Cashdollar details how the malicious email attempts to steal login credentials for both Google and Facebook. The attack appears as a warning allegedly from Google claiming that someone has logged into your account from a new device.
“A user has just signed in to your Google Account from a new Windows device,” the email states. “We are sending you this email to verify that it is you.”
Those who click the link are sent to a fake Google login page designed to steal usernames and passwords. While the attack contains numerous red flags, including a sender address that uses Hotmail, the login page itself is hidden at the end of a Google translate link.
“Using Google Translate does a number of things; it fills the URL (address) bar with lots of random text, but the most important thing visually is that the victim sees a legitimate Google domain,” Cashdollar wrote. “In some cases, this trick will help the criminal bypass endpoint defenses.”
Cashdollar also notes that those who enter their credentials into the nefarious Google page are then immediately sent to a fake Facebook login.
“The domain hosting the Facebook landing page is different from the domain hosting the Google one, but the two domains are linked via a script being used by the attacker,” Cashdollar said.
As with all phishing attacks, users are urged to examine any email asking for personal information, especially those looking for login details.
“Some phishing attacks are more sophisticated than others. In this case, the attack was easily spotted the moment I checked the message on my computer in addition to seeing it on my mobile device,” Cashdollar added. “However, other, more clever attacks fool thousands of people daily, even IT and Security professionals.”
In an effort to increase the average internet user’s ability to spot malicious emails, Google last month created a free phishing quiz that utilizes the latest techniques used by hackers.
- Secretive company sold cellphone location data to hundreds of bounty hunters
- These popular iPhone apps have been recording your screen without permission
- How to unsend an embarrassing message in Facebook Messenger
Mikael Thalen is a freelance journalist based in Seattle, covering all things technology, including social media, data breaches, hackers, and more.