Attackers are spoofing Google Translate in an ongoing phishing campaign that uses a common JavaScript coding technique to bypass email security scanners. Leveraging trust in Google Translate is a never-before-seen approach, researchers said.
Researchers from Avanan, a Check Point Software Company, uncovered the campaign, which uses the coding technique to obfuscate phishing sites to make them appear legitimate to the end user as well as fool security gateways. The phish also use social engineering tactics to convince users they need to respond quickly to an email or face having an account closed,
according to a blog post published today. The messages direct a user to a link that directs them to a credential-harvesting page that appears to be a legitimate Google Translate page, with a pre-populated email field that requires only that a person enter his or her password to log in.
The campaign is an example of a number of current, increasingly more sophisticated tactics that threat actors are using in contemporary phishing campaigns to fool both more savvy end users who have become familiar with malicious tactics, as well as email scanners that delete suspicious messages before they get through, noted Jeremy Fuchs, an Avanan cybersecurity researcher and analyst.
