Security researchers at Avanan discovered this email impersonation phishing campaign. Mostly targeted at Spanish speakers, the attack employs the usual tactic of creating a sense of urgency in users by sending fake email alerts. The emails claim to have come from Google and alert users to immediately verify their identity or they might lose access to the account. “Hello, you have pending incoming emails that you haven’t received yet. Access will be restricted until ownership is confirmed. Confirm account now. Note: access will be restricted within 48 business hours,” the email reads. This is a tactic to make unsuspecting users react quickly without verifying the legitimacy of the email. In hurry, they end up clicking on malicious links, opening the door for attackers. The verification link provided in the email takes them to a webpage that looks like Google Translate. A quick look at the URL would tell it’s not Google Translate, but the victims are not aware of that. The page contains a login box where users are asked to enter their login credentials. But the information they enter in this box goes directly to attackers. They now have the victim’s email username and password and can use that information to launch a more devastating attack.

This phishing campaign uses Javascript to impersonate Google Translate

According to the new report, this phishing campaign uses “a lot of Javascript” to make the malicious webpage look like Google Translate. Attackers are also using the Unescape command to obscure their true intentions. All this is to ensure that victims don’t get suspicious and reveal sensitive information without thinking much. “This attack has a little bit of everything. It has unique social engineering at the front end,” the security researchers say. “It leverages a legitimate site to help get into the inbox” and “uses trickery and obfuscation to confuse security services. Users must stay vigilant when responding to emails demanding urgent action with warnings that they may lose access to a certain service. Such emails are mostly malicious. Legitimate services never send such emails. You can also check a website’s URL to see if you’re entering your lodging credentials in the right place.