A new phishing campaign masquerading as Google Translate has been discovered to trick victims.
The campaign was detected by Avanan cybersecurity researchers, who found numerous phishing emails, some of which were written in Spanish.
The emails are what one would expect from a phishing attack, claiming to be from the victim's email provider, stating that their identity (opens in a new tab) is unconfirmed and unless they act immediately they will lose access to unread messages.
Lots of JavaScript
This is common practice with phishing emails, the researchers say, as the sense of urgency causes people to act irrationally and recklessly, making them more likely to click on a malicious link or download a malicious software. malicious attachment.
To "confirm" their identity, victims are asked to click on a link provided in the email itself. Those who fall for the scam and click the link are redirected to a page that looks like Google Translate (which it isn't). However, at the top of the page is a login dialog, where victims need to enter their credentials. The username/password combination (opens in a new tab) entered here goes directly to the attackers.
The fake translation page looks pretty authentic, the researchers say, adding that the attackers used "a lot of JavaScript" to achieve it. They also included the Unescape command to hide their true intentions, it was said.
“This attack has a bit of everything,” the experts conclude. "It has unique upstream social engineering. It operates a legitimate site to help break into the inbox. It uses deception and obfuscation to confuse security services."
To defend against such attacks, users must be extremely vigilant, the researchers warn.
In general, emails that demand urgent action from the user are likely phishing attacks and should be treated with special caution.