Google Translate Logo
  • New phishing campaigns take advantage of the Google Translate service to hide their domains behind it.
  • This technique ads credibility and conceals the actual landing page domain if viewed on mobile device interfaces.
  • These campaigns are not particularly polished right now, but if they are proven effective enough, they are bound to get better.

Phishing is based on tricking people through advanced social engineering and the creation of a fake image of a trustworthy entity. For anyone who browses the internet nowadays, Google is the most credible and legitimate online entity out there, so if you can somehow incorporate it into your phishing action, you have a solid basis for deception. Apparently, phishing groups have found a way to do just that, using Google Translate to load their landing pages which produces a URL that looks “Googly” enough to fool people.

Simple as it may be in its conception and execution, this trick can be very effective, especially on people who receive the links on their mobile devices where everything is compacted, and URLs cannot be appreciated at first glance. In these cases, the user will only see the first part of the URL which contains:  “https://translate.googleusercontent.com/translate…”, with the real domain following after quite a lot of characters, essentially staying hidden in mobile phone browsers and mail clients. The landing pages of these campaigns are specifically designed to target mobile users, and at this time, the forms that are used by the attackers to steal people’s login credentials on Google and Facebook are a bit outdated.

google_translate_phishing_script
Domain linking script; Source: blogs.akamai.com

Still, though, it’s a matter of time before the phishing actors update their kits and get back to hunting people’s credentials by even more obfuscated URLs, and more faithfully masqueraded landing pages. That said, pay attention to the links contained in emails that you get on your mobile device, set your browser to display the full URL/website address, and use a computer or laptop to hover over suspicious links instead of checking them out via your mobile device.

Have you received a phishing link that hides behind Google Translate? Share your experience in the comments section beneath, and feel free to share this story by visiting our socials, on Facebook and Twitter.