A new phishing campaign imitating Google Translate to defraud victims was discovered.
The campaign was spotted by Avanan cybersecurity researchers who found many phishing emails, some of which were written in Spanish.
The emails follow what you’d expect from a phishing attack, claiming to come from the victim’s email provider, stating that their identity was (opens in a new tab) will not be acknowledged and they will lose access to unread messages if they do not take immediate action.
Lots of JavaScript
Researchers say this is standard practice for phishing emails as the sense of urgency makes people act irrational and reckless, increasing the likelihood of clicking a malicious link or downloading a malicious attachment.
To ‘confirm’ their identity, victims are asked to click on a link provided in the email itself. People who fall into the scam and click the link are redirected to a page that looks like Google Translate (which it is not). However, there is a login popup at the top of the page where victims should enter their credentials. User name: Password (opens in a new tab) the combination entered there goes straight to the attackers.
The fake Translator site looks quite authentic, the researchers said, adding that the attackers used “a lot of Javascript” to make this happen. It was said that they also contained the Unescape command to hide their true intentions.
“This attack has a bit of everything,” the experts conclude. “It has unique social engineering at the front. It uses a legitimate website to help get into your inbox. It uses deception and obfuscation to confuse security services. “
Scientists warn that users must be extremely vigilant in order to defend themselves against such attacks.
As a general rule, email messages that require urgent user action are most likely phishing attacks and should be handled with caution.