Cyberattackers Spoof Google Translate in Unique Phishing Tactic

The campaign uses a combination of tactics to fool both end users and email security scanners.


Attackers are spoofing Google Translate in an ongoing phishing campaign that uses a common JavaScript coding technique to bypass email security scanners. Leveraging trust in Google Translate is a never-before-seen approach, researchers said.

Researchers from Avanan, a Check Point Software Company, uncovered the campaign, which uses the coding technique to obfuscate phishing sites to make them appear legitimate to the end user as well as fool security gateways. The phish also uses social engineering tactics to convince users they need to respond quickly to an email or face having an account closed, according to a blog post published today.

The messages send a user to a link that leads to a credential-harvesting page that appears to be a legitimate Google Translate page, with a pre-populated email field that requires only that a person enter his or her password to log in.

The campaign is an example of a number of increasingly sophisticated tactics that threat actors are using in contemporary phishing campaigns to fool both savvier end users, who have become familiar with malicious tactics, and email scanners that delete suspicious messages before they get through, noted Jeremy Fuchs, an Avanan cybersecurity researcher and analyst.


"This attack has a little bit of everything," he wrote in the post. "It has unique social engineering at the front end. It leverages a legitimate site to help get into the inbox. It uses trickery and obfuscation to confuse security services."

"Urgent Plea"

Researchers observed a Spanish-language email being used in the campaign, which begins — as most phishing messages do — with social engineering.

In this case, hackers make an "urgent plea" for a user to confirm access to his or her account by informing them that they are missing out on important emails and have only 48 hours in which to review them before they will be deleted.


About the Authors

Dark Reading
