Phishing scam spoofs Google to target Spanish-language victims

Spanish-speaking internet users are being targeted with a phishing campaign that seeks to exploit Google Translate, research by Avanan has found.

Online thieves have apparently found that for them the tech giant’s interpreting function translates into money – with harvested credentials selling well on dark web forums and used to facilitate further cybercriminal attacks.

This particular campaign starts off with a standard social engineering salvo – potential victims are sent a message with an urgent call to action, telling them they must confirm their email account details or risk losing unread messages within the next two days.

This message is written in Spanish: “Tienes correos electrónicos entrantes pendientes que aún no has recibido.” This translates more or less as: “You have emails pending that you have not yet received.”

The ensuing lure that directs victims to click on the malicious link provided at the bottom of the email is also composed in Spanish.

Once the user clicks on the link, they are sent to what looks like a Google Translate version of an authentic login page.

Spanish language phishing email sent to targets

“Even though it says Google Translate in the top left, it’s not,” said Avanan. “It’s a lookalike site – and a pretty convincing one, at that. Behind the scenes, the hackers are using a lot of Javascript, including the Unescape command, to obfuscate their true intentions.”

These intentions are to get the dupe to enter their sensitive data, which is then scooped up by the scammers to be sold on the dark web or even used directly by them in another cybercriminal ploy.

“This attack has a little bit of everything,” said Avanan. “It has unique social engineering at the front end. It leverages a legitimate site to help get into the inbox. It uses trickery and obfuscation to confuse security services.”

Urging web users in all languages to remain ever-vigilant, Avanan recommends hovering over a page’s URL to determine its legitimacy: doing so in this case would have revealed the so-called Google Translate login page to be bogus.

“Popular sites convey legitimacy to the end user,” said Avanan. “A user is more likely to click on something that looks like Google than something they’ve never seen before. That’s what hackers are hoping happens.”

More from Cybernews:

Netflix opens first store in LA

Signal to ditch SMS support for Android devices

Nobody truly understands God – or quantum, says former national security adviser

Zuckerberg unveils Meta Quest Pro for $1,500

Google announces passkey support for Android

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked