In an interesting twist, this latest scam identified by security researchers at Avanan attempts to establish legitimacy by making the victim think the logon page is being translated.
Most scams focused on stealing the victim’s credentials tend to spoof the specific platform to which the credentials provide access. We’ve seen it time and time again with attacks on Microsoft 365 users. But in this latest attack – apparently on G Suite users – the threat actors got somewhat creative.
The initial phishing email targets Spanish-speaking users, using a pretty common social engineering tactic revolving around the need to confirm an account.
The unique execution here is the spoofing of a Google Translate page to make the victim user believe they are providing credentials within a safe environment – one owned and operated by Google.
This additional step helps to establishing the illusion of legitimacy for the victim, lowering the defenses and increasing the chances they will provide their credentials.
There are telltale signs that this email is totally bogus: the sender’s email address and the URL on the “Google Translate” page both don’t match up – something easily spotted by users that undergo continual Security Awareness Training.