A circulating email phishing campaign uses the online translation tool Google Translate to obscure a link included in phishing emails. When victims access the link, they are led to a fake domain: a spoofed login page for Google or Facebook whose URL is obscured in their browser’s address bar. Enter your credentials and BOOM – the bad guys own you. This technique appears to bypass in-browser security notifications.
Using Google Translate as means to hide malicious action is a unique tactic, but this campaign doesn’t appear to be a ‘professional’ attack. Rather it appears to be a widespread and untargeted campaign. But still, because it’s new make sure you alert your users to be on the lookout.
And if you’re not sure that your users are prepared to recognize these types of attacks, contact us to learn more about end-user security awareness training. For a very small investment, you can train everyone in your organization to spot these types of threats.
Everyone stay safe out there!