Security Affairs
FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Phishing campaign leverages Google Translate as camouflage

Crooks leverage Google Translate service as camouflage on mobile browsers in a phishing campaign aimed at stealing Google account and Facebook credentials. The security expert Larry Cashdollar, a member of Akamai’s Security Intelligence Response Team (SIRT), discovered that cybercriminals are carrying out a new Phishing attack that leverages Google Translate as camouflage. The phishing campaign […]

phishing email Google Translate

Crooks leverage Google Translate service as camouflage on mobile browsers in a phishing campaign aimed at stealing Google account and Facebook credentials.

The security expert Larry Cashdollar, a member of Akamai’s Security Intelligence Response Team (SIRT), discovered that cybercriminals are carrying out a new Phishing attack that leverages Google Translate as camouflage.

The phishing campaign targets both Google and Facebook accounts, the use of Google Translate allows the attackers to make the phishing page as a legitimate form from a Google domain. The technique makes it harder to detect the attack on mobile browsers.

These phishing emails pose as alerts sent by Google that inform users that their accounts were accessed from a new Windows device. The malicious emails come with a subject of “Security Alert,” they attempt to trick victims to click on the “Consult the activity” button to receive more information about the potential unauthorized access.

When a user clicks on the link embedded in the phishing message, he will be redirected to a Google Translate page that opens up a phishing page that appears to be a Google Account login. 

The expert pointed out that this kind of attack could be easily detected by users on desktop browsers because the Translate toolbar is visible.

On mobile browsers, it is much difficult to understand that the displayed page is the result of Google Translate because the interface of the service is minimal.

“Using Google Translate does a number of things; it fills the URL (address) bar with lots of random text, but the most important thing visually is that the victim sees a legitimate Google domain. In some cases, this trick will help the criminal bypass endpoint defenses.” reads the analysis published by Cashdollar.

“However, while this method of obfuscation might enjoy some success on mobile devices (the landing page is a near-perfect clone of Google’s older login portal), it fails completely when viewed from a computer.”

When the victims provide their Google/Facebook credentials to the phishing page, a script will send them to the attacker via email.

Once obtained the victim’s credentials, attackers carry out a second phishing attack to attempt obtaining also Facebook credentials.

According to Cashdollar, the Facebook phishing page was not optimized as well for mobile and was very easy to spot.

“Some phishing attacks are more sophisticated than others. In this case, the attack was easily spotted the moment I checked the message on my computer in addition to seeing it on my mobile device. However, other, more clever attacks fool thousands of people daily, even IT and Security professionals.” concludes the expert.

“The best defense is a good offense. That means taking your time and examining the message fully before taking any actions.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – phishing, Google Translate)

[adrotate banner=”5″] [adrotate banner=”13″]