Hackers can use Google Translate to steal your password

Feb 09, 2019
12:20 am

What's the story

Amid increasing reports of cyber crimes, a new form of phishing attack has come to light. Apparently, some attackers are using Google Translate to mask themselves and trick people into giving away their login passwords for Facebook and Google. Their technique looks legit but can be avoided if you exercise caution. Here's more about it.

Attack

What is a phishing attack?

Phishing, one of the oldest attack vectors in the cybercriminal's book, revolves around creating fake pages and tricking targets into giving away their details through them. Attackers mimic popular websites, like Netflix and others, to trick unsuspecting users into entering their details. Sometimes, they may even add warning messages or alerts to make the page look authentic.

New trick

How hackers are using Google Translate for phishing

In typical attacks, hackers create fake pages by copying the original's visual elements but host them on slightly different domains (say netfllix.com). However, the odd domain can easily give the scam away, a problem that some hackers have started solving with Google Translate. Basically, they mask the fake URL behind Google Translate to make you think the page is original.

Details

Google accounts are targeted by these hackers

According to a security researcher who was targeted by this scam, the hackers send emails about an unauthorized Google login to trick users into giving away their Google email addresses and passwords. The email looked like a standard Google notification, while the URL for proceeding to the next steps started with www.translate.google.com. This, combined with the visual elements of a typical Google login page, made the attack look legit.

Information

The page loaded in Google Translate's interface

Translated URLs load in Google Translate's interface. This, in itself, shows that the page has been modified, but unaware or inattentive users can easily fall for the trap. Also, once you log in, the fake page redirects to Facebook (which is also weird).

Preventive steps

Look for clues to avoid such attacks

Phishing attacks can appear pretty authentic, but you can avoid them by checking where the email has come from and looking for errors in it. The errors vary; in this case, the hackers used 'facebook_secur@hotmail.com' to warn about an unauthorized Google login, which is something that never happens. So far, Google has not commented on how it plans to prevent such attacks.
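
The two clues described above (a link that loads through Google Translate, and a sender address that does not match the brand the email claims) can be checked automatically. The following is an added example, not code from the original article or from Google. It assumes that the wrapped page is carried in the link's `u` query parameter, and the host and sender-domain allowlists, function names and sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts treated as Google Translate front ends; extend as needed.
TRANSLATE_HOSTS = {"translate.google.com", "www.translate.google.com"}
# Assumption: sender domains accepted for mail that claims to come from Google.
GOOGLE_SENDER_DOMAINS = {"google.com", "accounts.google.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def unwrap_translate(url):
    """Return the page proxied through Google Translate, or None otherwise."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in TRANSLATE_HOSTS:
        return None
    # Assumption: the proxied page is carried in the 'u' query parameter.
    target = parse_qs(parts.query).get("u", [""])[0]
    return target or None

def triage(raw_email):
    """Return (finding, detail) tuples for a plain-text email."""
    msg = message_from_string(raw_email)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    claims_google = "google" in (display + " " + msg.get("Subject", "")).lower()
    if claims_google and sender_domain not in GOOGLE_SENDER_DOMAINS:
        findings.append(("sender-mismatch", sender_domain))
    for url in URL_RE.findall(msg.get_payload()):
        target = unwrap_translate(url)
        if target:
            # Report the host that actually serves the page behind the wrapper.
            findings.append(("translate-wrapped", urlsplit(target).hostname))
    return findings

# Constructed sample message; phish.example is a placeholder domain.
SAMPLE = """\
From: Google Security <facebook_secur@hotmail.com>
Subject: Unauthorized Google login
Content-Type: text/plain

Review the activity:
https://www.translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fphish.example%2Flogin
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(kind, detail)
```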