Threat actors are abusing Google Translate’s redirect feature to craft phishing links that appear to belong to Google, according to researchers at Abnormal Security.
Users are more likely to trust links that end in Google’s “.goog” domain, and security filters are less likely to flag these URLs as malicious.
“When you enter a URL into Google Translate, it generates a new link, redirecting the user through its platform to the requested page,” the researchers explain.
“This allows users to seamlessly view translated content from other websites within the familiar Google Translate interface, keeping the user experience consistent. The way Google Translate creates these redirects is simple: it takes the original URL and appends it to a new domain (like translate.goog), along with some additional parameters. Unfortunately, this process also opens a door for attackers to exploit this redirection feature for malicious purposes.”
The researchers note that users can still thwart these attacks if they know what to look for. Even if a URL is hosted on a Google domain, receiving a Google Translate link is unusual and should raise red flags for users who have a healthy sense of suspicion.
“Carefully examining URLs is the first line of defense,” the researchers conclude. “Always take a moment to review the entire link before clicking, particularly looking out for encoded domains or odd usage of tools like Google Translate within the URL. If something feels off, it's better to err on the side of caution and avoid entering sensitive credentials on sites reached through unexpected redirects.
“For organizations, it’s important to configure email and web filters to thoroughly analyze full URL paths, including any redirects or encoded domains. Alongside this, invest in consistent employee training to raise awareness about how attackers may leverage trusted platforms, such as Google Translate, to facilitate phishing schemes.”
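The filter-side check the researchers recommend can be sketched as follows. This is an added example, not code from Abnormal Security or from this post: it recovers the destination hostname hidden in a `translate.goog` link so that reputation checks run against the real site. It assumes the commonly observed encoding in which dots in the original hostname become hyphens and literal hyphens are doubled, and that the added parameters carry the `_x_tr_` prefix; the function names, sample URLs and blocklist are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

PROXY_SUFFIX = ".translate.goog"

def decode_translate_host(host):
    """Return the hostname encoded in a *.translate.goog label, else None."""
    host = (host or "").lower().rstrip(".")
    if not host.endswith(PROXY_SUFFIX):
        return None
    label = host[: -len(PROXY_SUFFIX)]
    if not label or "." in label:
        return None
    # Assumed encoding: "." became "-" and a literal "-" became "--".
    # Split on lone hyphens only, then collapse the doubled ones.
    pieces = re.split(r"(?<!-)-(?!-)", label)
    return ".".join(p.replace("--", "-") for p in pieces)

def analyze_url(url, blocked_domains):
    """Judge a link by the site it really loads, not by the Google hostname."""
    parts = urlsplit(url)
    original = decode_translate_host(parts.hostname)
    if original is None:
        return {"proxied": False, "destination": parts.hostname,
                "verdict": "evaluate-normally"}
    blocked = any(original == d or original.endswith("." + d)
                  for d in blocked_domains)
    tr_params = sorted(k for k in parse_qs(parts.query) if k.startswith("_x_tr_"))
    return {
        "proxied": True,
        "destination": original,
        "translate_params": tr_params,
        # A translate link arriving by email is unusual, so never pass it silently.
        "verdict": "block" if blocked else "flag-for-review",
    }

# Constructed sample data (reserved example domains, not real indicators).
BLOCKED = {"example.net"}
SAMPLES = [
    "https://login--portal-example-net.translate.goog/auth?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en",
    "https://docs-example-org.translate.goog/guide?_x_tr_sl=de&_x_tr_tl=en",
    "https://www.example.com/pricing",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(analyze_url(u, BLOCKED))
```

Internationalized or unusually long hostnames may be encoded differently, so a filter should treat a label it cannot decode as suspicious rather than as clean.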
Abnormal Security has the story.