Hackers are reportedly using Google Translate web links for phishing users and stealing their personal information. In its latest research, Barracuda Networks has unveiled three novel tactics that were detected in phishing attacks during January 2023 as cybercriminals are continuously evolving their attempts to trick victims, bypass security measures, and avoid detection.
In January, researchers at Barracuda noted email attacks that used the Google Translate service for websites to hide malicious URLs (web page addresses). The attackers use poorly-formed HTML pages or a non-supported language to prevent Google from translating the web page – and Google responds by providing a link back to the original URL stating that it cannot translate the underlying website.
The attackers embed that URL link in an email and if a recipient clicks on it, they are taken to a fake but authentic-looking website that is in fact a phishing website controlled by the attackers. Such attacks are difficult to detect since they contain a URL that points to a legitimate website. As a result, many email filtering technologies will allow these attacks through to users’ inboxes. Further, the attackers can change the malicious payload at the time of email delivery, making them even harder to spot.
Barracuda researchers analyzed data of phishing emails blocked by Barracuda systems. And while the overall volume of attacks using these tactics is currently low – with each tactic making up less than 1% of attempted phishing attacks – they are widespread, with between 11% and 15% of organizations affected, often with multiple attacks.
Hackers are reportedly using Google Translate web links for phishing users and stealing their personal information. In its latest research, Barracuda Networks has unveiled three novel tactics that were detected in phishing attacks during January 2023 as cybercriminals are continuously evolving their attempts to trick victims, bypass security measures, and avoid detection.
In January, researchers at Barracuda noted email attacks that used the Google Translate service for websites to hide malicious URLs (web page addresses). The attackers use poorly-formed HTML pages or a non-supported language to prevent Google from translating the web page – and Google responds by providing a link back to the original URL stating that it cannot translate the underlying website.
The attackers embed that URL link in an email and if a recipient clicks on it, they are taken to a fake but authentic-looking website that is in fact a phishing website controlled by the attackers. Such attacks are difficult to detect since they contain a URL that points to a legitimate website. As a result, many email filtering technologies will allow these attacks through to users’ inboxes. Further, the attackers can change the malicious payload at the time of email delivery, making them even harder to spot.
Barracuda researchers analyzed data of phishing emails blocked by Barracuda systems. And while the overall volume of attacks using these tactics is currently low – with each tactic making up less than 1% of attempted phishing attacks – they are widespread, with between 11% and 15% of organizations affected, often with multiple attacks.