Google Translate has been found to be infiltrated in a fresh phishing program designed to tamper victims.
Avanan, a cybersecurity researcher, discovered a number of phishing emails, some of which were written in English.
The messages are consistent with what a phishing attack provides, claiming to have proven from the victims'' email provider, and acknowledging that their identity (opens in a new tab) is not verified, and unless they act immediately theyll lose access to the unread messages.
Lot of Javascript
According to researchers, this is a common practice with phishing emails, because to the sense of prudence, people act irrationally and recklessly, making them more likely to click on a malicious link or download a malicious attachment.
The victims are advised to click on a link provided in the email itself to confirm their identity. Those who fall for the scam and do not click the link are redirected to a page that appears like Google Translate (which its not). However, on the top of the page is a login popup box where they should enter their credentials. The username/password (opens in a new tab) combination entered there goes straight to the attackers.
According to researchers, the fake Translate page is quite authentic, adding that the attackers used a lot of Javascript to make it happen. They also included the Unescape command to conceal their true intentions.
The experts conclude that this attack has a little bit of everything. It has unique social engineering at the front end. It leverages a legitimate site to assist in getting into the inbox. It uses trickery and obscenity to confuse security services.
Researchers warn that users must be extra vigilant in order to protect themselves from such actions.
Emails that require immediate action from the user are most likely to be phishing attacks, and they should be handled with additional care.