An unusual phishing campaign was recently detected. The attack abuses the Google Translate service so that malicious links appear legitimate, but only when they are opened in a mobile browser.
The attack starts with the user receiving an email warning of unauthorized access to their Google account. The phishing mail is a replica of the standard Google security alert, with the same format and logos.
It also contains a button urging the user to check their account activity and take action to secure the account. When the link is opened from a laptop or desktop, it redirects the user to the phishing site, a clone of the Google login page hosted on a URL that does not belong to Google services.
However, if the link is opened from a mobile device, the phishing site is loaded through Google Translate. The important detail is that the visible part of the URL shown in the mobile browser's address bar starts with translate.googleusercontent.com/translate_.
The full URL still contains the phishing URL, but that part is only noticeable if the user inspects the address bar manually.
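The following Python snippet is an added example, not code from the original post, showing how a mail or web filter could unwrap such a proxied link and compare the real destination against the hosts a genuine Google security alert would point to. It relies on the fact that Google Translate passes the original page URL in the `u` query parameter; the allowlist, the email body and the phishing domain `login-security-check.example` are constructed for this example.

```python
import re
from urllib.parse import parse_qs, urlparse

# Hostnames under which Google Translate serves a proxied copy of a page.
TRANSLATE_PROXY_HOSTS = {"translate.googleusercontent.com", "translate.google.com"}

# Constructed allowlist for this example: the only hosts a real Google security
# alert should send the user to. Any other host hidden behind the proxy is suspect.
EXPECTED_HOSTS = {"accounts.google.com", "myaccount.google.com"}

URL_PATTERN = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample message imitating the security alert described above.
SAMPLE_EMAIL_BODY = """Someone just used your password to try to sign in to your account.
Check activity: https://translate.googleusercontent.com/translate_c?depth=1&hl=en&sl=auto&tl=en&u=https%3A%2F%2Flogin-security-check.example%2Faccount%2Freview
Help: https://support.google.com/accounts
"""


def unwrap_translate_url(url):
    """Return the page a Google Translate proxy link actually loads,
    or None when the link is not a Translate proxy link."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host not in TRANSLATE_PROXY_HOSTS:
        return None
    # Translate carries the original page in the 'u' parameter; parse_qs
    # already percent-decodes it, so no second decoding step is applied.
    target = parse_qs(parsed.query).get("u")
    if not target:
        return None
    return target[0]


def classify_link(url):
    """Classify a link the way a filter might:
    'direct'           - not proxied through Translate
    'proxied-expected' - proxied, but the hidden destination is an allowed host
    'proxied-suspect'  - proxied, and the hidden destination is not allowed
    Returns (verdict, host_that_will_actually_be_loaded)."""
    target = unwrap_translate_url(url)
    if target is None:
        return "direct", (urlparse(url).hostname or "").lower()
    target_host = (urlparse(target).hostname or "").lower()
    if target_host in EXPECTED_HOSTS:
        return "proxied-expected", target_host
    return "proxied-suspect", target_host


def scan_message(text):
    """Extract every link from a message body and classify it."""
    return [(url,) + classify_link(url) for url in URL_PATTERN.findall(text)]


if __name__ == "__main__":
    for url, verdict, host in scan_message(SAMPLE_EMAIL_BODY):
        print(f"{verdict:17} {host:32} {url}")
```

The key check is the host of the unwrapped `u` value, not the host the user sees in the address bar. Note that Google also serves translated pages under `*.translate.goog` hostnames; that form encodes the destination in the hostname itself and is not decoded by this example.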
This final redirection, from the fake Google login to a fake Facebook login, is likely to raise suspicion among users, and they may not be fooled into submitting their credentials a second time.
Employee security awareness training is highly recommended. However, it is not sufficient protection on its own, because users make mistakes.
Advanced spam filters should be implemented to prevent malicious email from being delivered to corporate inboxes. A web and cloud filter can and should prevent users from accessing phishing sites.
As cybercriminals evolve their tactics in social engineering, we too must evolve our procedures in response and prevention. Learn more about social engineering trends and discover how to protect your organization against cybercriminals.
Download our guide, “Evolving with Cybercriminals: How to Respond to Social Engineering Techniques,” to learn how to further protect your organization against cybercriminals.