According to new research from Avanan, attackers are spoofing Google Translate in a new phishing campaign that uses a common JavaScript coding technique. The JavaScript technique allows it to bypass email security scanners. Researchers state that leveraging trust in Google Translate is a new approach that has not been observed until now. Avanan uncovered the campaign, which leverages the coding technique to obfuscate phishing sites and make them appear legitimate to the target.
The campaign also contains a level of social engineering tactics, encouraging users to respond quickly to a phishing email or face having their account close. The phishing email then directs the target to a link that ultimately harvests credentials. The page appears to be a legitimate Google Translate page, with a pre-populated email field that requires only a password. The campaign is an example of how threat actors are leveraging a slew of contemporary phishing tactics to fool more targets.
Read More: Cyberattackers Spoof Google Translate in Unique Phishing Tactic