New Phishing Attack Targets Victims Twice Using Google Translate

Akamai discovered a new phishing campaign that alerts users that their Google account has been accessed from a new Windows device. The message appears legitimate on a mobile device but reveals red flags on a desktop. If the link is clicked, the landing page appears to be Google’s login portal, but the malicious website is loaded through Google Translate. For threat actors, the benefit of using Google Translate is that it fills the URL field with random text and the victim sees a legitimate Google domain. If credentials are entered here, they are sent to the threat actors, and a second phishing attack is triggered that brings the user to another landing page appearing to be Facebook’s mobile login portal. Again, if credentials are entered here, they are sent to the threat actors.

The NJCCIC strongly recommends never opening attachments or using links provided in unsolicited emails to visit websites requiring the input of account credentials. Users who receive unexpected or unsolicited requests from known senders inviting them to click on a link or open an attachment should always verify the sender via another means of communication before taking any action. We recommend reviewing Akamai’s blog post for more details about this phishing campaign.
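
For defenders reviewing mail or web-proxy logs, the Google Translate wrapping described above can be undone to expose the site that is actually being rendered. The following Python is an added example, not code from the NJCCIC or Akamai; it assumes the `translate.google.com/translate?u=<target>` link form, and the sample links and hostnames are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the proxy link carries the real page in a "u" query parameter
# (translate.google.com/translate?u=<target>); other link forms are not handled.
TRANSLATE_HOSTS = {"translate.google.com", "translate.googleusercontent.com"}
MAX_DEPTH = 5  # a wrapper can itself be wrapped; stop after a few layers

def _split(url):
    parts = urlsplit(url)
    # Links copied from mail bodies often lack a scheme; reparse as //host/path.
    return parts if parts.netloc else urlsplit("//" + url)

def unwrap_translate(url):
    """Return the URL rendered behind a Google Translate link, or None."""
    current, unwrapped = url.strip(), False
    for _ in range(MAX_DEPTH):
        parts = _split(current)
        if (parts.hostname or "").lower() not in TRANSLATE_HOSTS:
            break
        targets = parse_qs(parts.query).get("u")  # parse_qs percent-decodes
        if not targets:
            break
        current, unwrapped = targets[0].strip(), True
    return current if unwrapped else None

def triage(url):
    """Classify one logged link and return (verdict, host actually rendered)."""
    target = unwrap_translate(url)
    if target is None:
        return ("not-translate", (_split(url.strip()).hostname or "").lower())
    host = (_split(target).hostname or "").lower()
    google = host == "google.com" or host.endswith(".google.com")
    return ("wrapped-google" if google else "wrapped-external", host)

# Constructed sample links (hostnames are placeholders, not indicators).
SAMPLES = [
    "https://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Flogin-check.example.net%2Fsignin",
    "https://translate.google.com/translate?hl=en&u=https://accounts.google.com/",
    "translate.google.com/translate?u=https%3A%2F%2Ftranslate.google.com%2Ftranslate%3Fu%3Dhttp%3A%2F%2Fm-login.example.org%2F",
    "https://accounts.google.com/signin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(triage(link), link[:60])
```

A `wrapped-external` verdict on a link taken from an account-alert email is the pattern this campaign relies on, since the address bar still shows a Google domain.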
