In a sophisticated twist to the traditional phishing scam, hackers have used Google Translate to mask their identity and trick people into giving away their Facebook and Google login details.
The scam was uncovered when Larry Cashdollar, a security researcher with Akamai’s Security Intelligence Response Team, received an email on his phone telling him his Google account had been accessed from a new Windows device.
The phishing emails are presented as ‘security alerts’ and inform the recipient that their account has been logged into from a new Windows device. It then prompts the user to learn more about what Google has detected by clicking on the ‘consult the activity’ button.
Image: Fake Security Alert (Source -Akamai)
When the button is clicked, the victim is redirected through to a phishing page disguised as a Google Account login. The scam is particularly effective as it uses Google Translate to make the Phishing page look like it’s from a Google domain, creating a fake feeling of legitimacy for the user.
The scam appears entirely credible on a mobile device as Google Translate shows a minimal interface on the screen. However, on a desktop browser, the red flags are more apparent and upon closer inspection, the user can see the supposed ‘security alert’ comes from a Hotmail account.
Another immediate red flag is the full address used in the Login page as seen below. The ‘mediacity’ domain is translated and it becomes apparent that the site is fraudulent.
Image: Google Phishing page on Desktop (Source – Akamai)
Despite the red flags, to the untrained eye the scam will appear entirely legitimate and for those unfortunate enough to have entered their login credentials, the second stage of the phishing attack will be triggered.
The user is then forwarded to a clone of Facebook’s mobile login portal in a further attempt to steal their login credentials for the social media platform.
There has been a notable increase in this type of two-pronged attack as hackers look to capitalise on victims who have fallen for the first stage of their scams.
Cashdollar commented on the evolving sophistication of these types of scams: “It isn't every day that you see a phishing attack leverage Google Translate as a means of adding legitimacy and obfuscation on a mobile device. But it's highly uncommon to see such an attack target two brands in the same session.
“Taking advantage of known brand names is a common phishing trick, and it usually works if the victim isn't aware or paying attention. Criminals conducting phishing attacks want to throw people off their game, so they'll use fear, curiosity, or even false authority in order to make the victim take an action first and question the situation later. When this happens, it is entirely possible - expected, in some cases - that the victim isn't going to pay attention to little details that give the scam away.
To protect yourself from falling victim to a phishing scam, you should follow the below guidelines.
Phishing is continually evolving, and the increasing sophistication of recent attacks has demonstrated just how vigilant users need to be if they want to avoid being scammed. Our award winning MetaPhish solution provides a powerful defence against phishing and ransomware attacks and it’s been used by over 600 organisations around the world to keep their staff safe from attack. Get in touch for further information on how we can help protect your business.
If you would like to find out more about Phishing and the different forms it takes, check out our Ultimate Guide to Phishing.