Friday, October 14, 2022

Google Translate is being hijacked by phishers to steal your data

A new phishing campaign has been discovered impersonating Google Translate in order to trick victims. 

The campaign was spotted by cybersecurity researchers from Avanan, which found numerous phishing emails, some of which were written in Spanish.

The emails are in line with what one can expect from a phishing attack, claiming to have come from the victim’s email provider, stating that their identity is not confirmed, and unless they act immediately they’ll lose access to the unread messages.

Lot of Javascript

This is standard practice with phishing emails, the researchers say, as the sense of urgency makes people act irrationally and recklessly, making them more likely to click on a malicious link or download a malicious attachment. 

To “confirm” their identity, the victims are told to click on a link provided in the email itself. Those that fall for the scam and do click the link are redirected to a page that looks like Google Translate (which it’s not). However, on top of the page is a login popup box, where the victims should enter their credentials. The username/password combination entered there goes straight to the attackers.

The fake Translate page looks quite authentic, the researchers say, adding that the attackers used “a lot of Javascript” to make it happen. They also included the Unescape command to hide their true intentions, it was said.

“This attack has a little bit of everything,” the experts conclude. “It has unique social engineering at the front end. It leverages a legitimate site to help get into the inbox. It uses trickery and obfuscation to confuse security services.”

To defend from such attacks, users need to be extra vigilant, researchers warn. 

As a general rule of thumb, emails that demand urgent action from the user are most likely phishing attacks and should be handled with extra care.



from TechRadar - All the latest technology news https://ift.tt/qRLB8bi

No comments:

Post a Comment

You can now ask Claude to mimic your writing style

Anthropic is rolling out new ways for you to change how your Claude AI chatbot communicates with a new range of pre-set and custom writing ...