Hackers can use Google Translate for phishing

Science

09 Feb 2019

Hackers can use Google Translate to steal your password

Amid increasing reports of cyber crimes, a new form of phishing attack has come to light.

Apparently, some attackers are using Google Translate to mask themselves and trick people into giving away their confidential login-passwords for Facebook and Google.

Their technique looks legit but can be avoided, if you choose to exercise caution.

Here's more about it.

Attack

What is a phishing attack?

What is a phishing attack?

Phishing, one of the oldest attack vectors in the book of cybercriminals, revolves around creating fake pages and tricking targets into giving away their details through them.

Attackers mimic popular websites, like Netflix and others, to convince unsuspecting users into entering their details.

And, sometimes, they may even put some kind of warning messages or alerts to make this look authentic.

Love Tech news?

Stay updated with the latest happenings.

Yes, notify Me

New trick

How hackers are using Google Translate for phishing

In typical attacks, hackers create fake pages by copying original visual elements but host them on slightly different domains (say netfllix.com).

But, this can easily reveal their scam, a problem that some hackers have started solving by using Google Translate.

Basically, they are masking the fake URL with Google Translate to convince you into thinking that the page is original.

Details

Google accounts are targeted by these hackers

Google accounts are targeted by these hackers

According to a security researcher, who was targeted by this scam, hackers are mailing about unauthorized Google login to trick users into giving away their Google email and passwords.

Their email looked like a standard Google notification, while the URL for proceeding with next steps started with www.translate.google.com.

This, combined with visual elements of a typical Google login page, made the attack look legit.

The page loaded in Google Translate's interface

Translated URLs load in Google Translate's interface. This, in itself, shows the page has been modified but some unaware users or inattentive users can easily fall for the trap. Also, once you log in, the fake page redirects to Facebook (which is also weird).

Preventive steps

Look for clues to avoid such attacks

Phishing attacks can appear pretty authentic, but you can avoid them by checking from where the email has come and looking for errors in it.

They can have different errors; like in this case, the hackers used 'facebook_secur@hotmail.com' to inform about unauthorized Google login, which is something that never happens.

So far, Google has not commented on how it plans to prevent such attacks.

Share this timeline

Share this timeline

Ask NewsBytes
User Image

Most asked questions

Can they steal money?

What are other risks of phishing scams?

How to avoid such scams?

Will Google stop this attack?

More questions

Can they steal money?

Asked 2019-02-09 00:19:11 by Ishan Kapoor

Answered by NewsBytes

With a phishing scam, they can get you to type your banking or card details on their fake page. Once that's done and the details are submitted, that information could instantly go to their servers. Then, they can use it to steal your money.

What are other risks of phishing scams?

Asked 2019-02-09 00:19:11 by Hemant Mukopadhyay

Answered by NewsBytes

Phishing scams can be used for identity or financial theft. Plus, they can also be leveraged for installing malware on your computer for remote access or cryptocurrency mining.

How to avoid such scams?

Asked 2019-02-09 00:19:11 by Shreyas Malhotra

Answered by NewsBytes

The best way to avoid such scams is to use the official website of any service and not using any links given via emails.

Will Google stop this attack?

Asked 2019-02-09 00:19:11 by Vishal Khan

Answered by NewsBytes

So far, Google has not commented on the matter and it is not clear how the company plans on stopping such attacks.

Next Timeline