Date: 2022-11-24



When discussing cybercriminal tactics, we always recommend checking the URL carefully when clicking links in emails. Here is another red flag: a link to a page translated using Google Translate. Theoretically, the sender of the email might want to help you by inviting you to visit a site in another language. In practice, however, this technique is most often used to evade anti-phishing mechanisms. If the message is part of a business communication and the site you opened after clicking the link asks you to enter your email credentials, close the browser window and delete the email immediately.

Why Attackers Use Google Translate Links

Let’s take a look at a recent example of a phishing scam via a Google Translate link.

The sender of the email claims that the attachment is some kind of payment document available only to the recipient, which should be investigated for “contract meeting presentation and subsequent payment.” The link on the [Open] button points to a site translated by Google Translate. However, this becomes clear only when you click it, because in the email it says:

The weird wording may be an intentional attempt by the attacker to make the Google Translate link appear more convincing by giving the impression that the sender is not a native English speaker. Or maybe they have simply never seen an actual email with financial documents attached. Note the two links below (“Unsubscribe from this list” and “Manage your email preferences”) and the sendgrid.net domain in the links.

These indicate that the message was sent through a legitimate email service provider (ESP), in this case SendGrid, rather than being sent manually, although another ESP could have been used. Services of this type typically protect their reputation, regularly delete phishing email campaigns, and block their authors. That is why the attacker runs the link through Google Translate: the ESP’s security mechanisms recognize a legitimate Google domain and do not consider the site suspicious. In other words, this is an attempt to fool not only the end-user target, but also the filters of the intermediary service.

What does a link to a page translated by Google Translate look like?

Google Translate allows you to translate an entire website by simply passing it a link and choosing the source and target languages. The result is a link to a page in which the original domain is hyphenated and the URL is supplemented with the domain translate.goog, followed by the name of the original page and keys that indicate the languages the translation was made from and into. For example, the URL for the Spanish translation of the home page of the English blog www.kaspersky.com/blog would be: =en&_x_tr_pto=wapp.

The phishing emails we analyzed were trying to lure users to:

The browser’s address bar contains a string of garbage characters, but it still clearly shows that the link was translated by Google Translate.
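A defensive check built on the link structure described above, as an added example that is not from the original article: it flags translate.goog links found in a message and recovers the site hidden behind them. The decoding rule (a dot is written as one hyphen, a literal hyphen as two), the _x_tr_sl and _x_tr_tl key names, and all sample URLs are assumptions or constructed values, not taken from the page.

```python
from urllib.parse import urlsplit, parse_qs

PROXY_SUFFIX = ".translate.goog"


def decode_proxied_host(label):
    """Recover the original host from the hyphenated label.

    Assumption: '.' is written as '-' and a literal '-' as '--'.
    """
    placeholder = "\x00"  # cannot occur in a hostname
    return (label.replace("--", placeholder)
                 .replace("-", ".")
                 .replace(placeholder, "-"))


def inspect_link(url):
    """Return details for a Google Translate proxy link, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Match the suffix exactly, so lookalikes such as
    # translate.goog.example.net are not treated as Google's domain.
    if not host.endswith(PROXY_SUFFIX):
        return None
    query = parse_qs(parts.query)
    return {
        "original_host": decode_proxied_host(host[: -len(PROXY_SUFFIX)]),
        "path": parts.path,
        "source_lang": query.get("_x_tr_sl", [None])[0],
        "target_lang": query.get("_x_tr_tl", [None])[0],
    }


def flag_links(urls):
    """Return (url, details) for every link that goes through the proxy."""
    hits = ((u, inspect_link(u)) for u in urls)
    return [(u, info) for u, info in hits if info is not None]


# Constructed sample: links as they might be extracted from one email.
SAMPLE_LINKS = [
    "https://login--portal-example-com.translate.goog/verify/"
    "?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_pto=wapp",
    "https://example.org/unsubscribe",
    "https://translate.goog.example.net/",
]

if __name__ == "__main__":
    for url, info in flag_links(SAMPLE_LINKS):
        print("translated link ->", info["original_host"], info["path"])
```

The recovered host, not translate.goog, is the value to run through reputation checks and block lists.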

How to stay safe

To prevent company employees from falling for cybercriminal tactics, we recommend regularly refreshing their knowledge of phishing tactics (e.g. by sending employees relevant links to our blog). Incidentally, in the example above, a trained user would never have landed on the phishing page: the chances of a legitimate financial document addressed to a particular recipient being sent through an ESP service are slim at best. A while ago I posted about ESP-based phishing.

For added security, we recommend using a solution with anti-phishing technology, both at the corporate email server level and on all employee devices.

