Phishing attacks are a notorious way for hackers to lure users and victimize them for their own benefit. The latest update highlights that cyber criminals are running a phishing campaign that tries to steal Facebook and Google account usernames and passwords. In the process, they use Google Translate as a disguise in mobile browsers.
What makes users fall for it is the use of Google Translate to serve a phishing page that looks similar to a Google domain. It is not easy to tell the real page from the fake one, especially in mobile browsers.
How Does It Work?
The phishing emails pose as a Security Alert from Google, warning that the recipient's account has been used to log in on a new Windows device. The email then invites the recipient to learn more about the warning by tapping a “Consult the activity” button.
When a user believes the warning and clicks the link, they are redirected to a Google Translate page, which takes them to a remote phishing website posing as the Google account login.
On a desktop browser, it is easy to detect that you have been shown a phishing page through Google Translate.
However, on a mobile browser it is difficult to tell a phishing page from an authentic one, because only the minimal Google Translate interface is displayed.
When a user enters a username and password on the phishing page, a script runs and sends the entered information to the hackers. Once the hackers have the victim’s Google username and password, the user is taken to another phishing page posing as a Facebook login page, where the hackers try to steal the Facebook credentials as well. Again, the page was not optimized and could therefore be spotted as fake on a desktop browser.
It is astonishing to see how clever the hackers have become, and their cunning tricks will not stop here. Users therefore have to take the initiative: be careful when keying in confidential information, and check the URL that has opened before taking any further action.
It is also important to note that a reputable company such as Google will never prompt you to log in to your account via Google Translate, or any other translation app for that matter.
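The URL check described above can be automated in a mail filter or link scanner. The following is an added example, not code from the original article: it assumes the Translate proxy link carries the real destination in a `u` query parameter, and the host lists, sample URLs and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed for this example: hosts that serve Google Translate's page proxy,
# and an illustrative allow-list of genuine login hosts.
TRANSLATE_HOSTS = {"translate.google.com", "translate.googleusercontent.com"}
LOGIN_HOSTS = {"accounts.google.com", "www.facebook.com", "m.facebook.com"}

def unwrap_translate(url, max_depth=3):
    """Follow the u= parameter of Translate proxy links; return (final_url, hops)."""
    hops = 0
    while hops < max_depth:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host not in TRANSLATE_HOSTS or not parts.path.startswith("/translate"):
            break
        # parse_qs percent-decodes the value, so encoded targets are handled.
        target = parse_qs(parts.query).get("u", [""])[0].strip()
        if not target:
            break
        if "://" not in target:          # scheme-less target, e.g. u=site.example
            target = "http://" + target
        url, hops = target, hops + 1     # loop again in case the proxy is nested
    return url, hops

def classify_link(url):
    """Classify a link found in an e-mail that claims to lead to a login page."""
    final_url, hops = unwrap_translate(url)
    real_host = (urlsplit(final_url).hostname or "").lower()
    if hops:
        verdict = "block"    # a genuine login prompt is never served through Translate
    elif real_host in LOGIN_HOSTS:
        verdict = "ok"
    else:
        verdict = "review"   # unknown host: leave to other controls
    return {"verdict": verdict, "real_host": real_host, "proxied": hops > 0}

if __name__ == "__main__":
    # Constructed sample links (phish.example is a reserved placeholder domain).
    samples = [
        "https://translate.google.com/translate?sl=auto&tl=en"
        "&u=https%3A%2F%2Flogin.phish.example%2Fgoogle",
        "https://accounts.google.com/signin",
    ]
    for link in samples:
        print(classify_link(link), link)
```

Reporting `real_host` alongside the verdict shows the analyst the origin that the minimal mobile Translate interface hides from the user.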
When it comes to security, these tech giants undoubtedly have to be extra careful and provide subtle indicators so that users can easily tell the real page from the fake one. Staying safe will take combined efforts from both users and companies to prevent any successful phishing attack.