A new phishing campaign has been discovered impersonating Google Translate in order to trick victims.
The campaign was spotted by cybersecurity researchers from Avanan, which found numerous phishing emails, some of which were written in Spanish.
The emails are in line with what one can expect from a phishing attack, claiming to have come from the victim’s email provider, stating that their identity (opens in new tab) is not confirmed, and unless they act immediately they’ll lose access to the unread messages.
Lot of Javascript
This is standard practice with phishing emails, the researchers say, as the sense of urgency makes people act irrationally and recklessly, making them more likely to click on a malicious link or download a malicious attachment.
To “confirm” their identity, the victims are told to click on a link provided in the email itself. Those that fall for the scam and do click the link are redirected to a page that looks like Google Translate (which it’s not). However, on top of the page is a login popup box, where the victims should enter their credentials. The username/password (opens in new tab) combination entered there goes straight to the attackers.
The fake Translate page looks quite authentic, the researchers say, adding that the attackers used “a lot of Javascript” to make it happen. They also included the Unescape command to hide their true intentions, it was said.
“This attack has a little bit of everything,” the experts conclude. “It has unique social engineering at the front end. It leverages a legitimate site to help get into the inbox. It uses trickery and obfuscation to confuse security services.”
To defend from such attacks, users need to be extra vigilant, researchers warn.
As a general rule of thumb, emails that demand urgent action from the user are most likely phishing attacks and should be handled with extra care.