Threat Actors Abuse Google Translate to Craft Phishing Links



Google Translate ScamThreat actors are abusing Google Translate’s redirect feature to craft phishing links that appear to belong to Google, according to researchers at Abnormal Security. 

Users are more likely to trust links that end in Google’s “.goog” domain, and security filters are less likely to flag these URLs as malicious.

“When you enter a URL into Google Translate, it generates a new link, redirecting the user through its platform to the requested page,” the researchers explain.

“This allows users to seamlessly view translated content from other websites within the familiar Google Translate interface, keeping the user experience consistent. The way Google Translate creates these redirects is simple: it takes the original URL and appends it to a new domain (like translate.goog), along with some additional parameters. Unfortunately, this process also opens a door for attackers to exploit this redirection feature for malicious purposes.”

The researchers note that users can still thwart these attacks if they know what to look for. Even if a URL is hosted on a Google domain, receiving a Google Translate link is unusual and should raise red flags for users who have a healthy sense of suspicion.

“Carefully examining URLs is the first line of defense,” the researchers conclude. “Always take a moment to review the entire link before clicking, particularly looking out for encoded domains or odd usage of tools like Google Translate within the URL. If something feels off, it's better to err on the side of caution and avoid entering sensitive credentials on sites reached through unexpected redirects.

For organizations, it’s important to configure email and web filters to thoroughly analyze full URL paths, including any redirects or encoded domains. Alongside this, invest in consistent employee training to raise awareness about how attackers may leverage trusted platforms, such as Google Translate, to facilitate phishing schemes.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Abnormal Security has the story.


Stop Advanced Phishing Attacks with KnowBe4 Defend

KnowBe4 Defend takes a new approach to email security by addressing the gaps in M365 and Secure Email Gateways (SEGs). Defend helps you respond to threats quicker, dynamically improve security and stop advanced phishing threats. It reduces admin overhead, enhances detection and engages users to build a stronger security culture.

BreachSim LogoWith KnowBe4 Defend you can:

  • Reduce risk of data breaches by detecting threats missed by M365 and SEGs
  • Free up admin resources by automating email security tasks
  • Educate users with color-coded banners to turn risks into teachable moments
  • Continuously assess and dynamically adapt security detection reducing admin overhead
  • Leverage live threat intelligence to automate training and simulations

Request a Demo

PS: Don't like to click on redirected buttons? Cut and paste this link in your browser:

https://www.knowbe4.com/products/defend-demo



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews