Google Translate phishing attempt
Akamai

You know, the thing with scammers is that they’re always going to find new ways to scam. It’s what they do. And this new Google Translate phishing attempt is simple, yet brilliant. It’s one you’ll have to watch out for.

Most phishing attempts do at least a somewhat good job of creating replica pages for whatever site they’re trying to jack your data from—like an Apple or Google login page, for example. But there’s generally one big red flag that’s fairly easy to spot: a shoddy URL. If you pay attention, the URL will give it away every time.

That’s where this new phishing tactic stands out: it redirects through Google Translate, so the URL starts with “translate.google.com” and appears more legit than some gibberish crap URL. Even trained eyes could be forgiven for seeing “google.com” in the URL and assuming it’s legit. That’s why this one requires extra attention.

Google Translate phishing redirect
Akamai

The phishing attempt works something like this: you get an email stating that something is going on with your Google account—someone is trying to access it, like in the header image of this post. The email looks convincing enough, so you click on the link, which is actually a garbage URL redirected through Google Translate. You put in your info, and the next thing you know some scumbag just gained access to your account.

To avoid falling victim to this crap (but clever) tactic, just pay attention—even more than normal. Check the email address the alert is coming from, for example. Security research company Akamai reported on an instance of this type of scam coming in from “facebook_secur@hotmail.com,” which makes no sense at all. Why is Facebook asking for your Gmail credentials? They’re not. It’s someone trying to steal your stuff.

Otherwise, just watch out for the “translate.google.com” URL. Google isn’t sending official emails through Translate, because again, that’s just stupid.
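The two checks above (the sender address, and a link that starts with “translate.google.com”) can be sketched as mail-filter logic. This is an added example, not code from Akamai or from the original post; the `u` query parameter as the carrier of the wrapped page, the free-mail and brand lists, the function names, and the sample message are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

TRANSLATE_HOST = "translate.google.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Assumptions for this sketch: free-mail domains and brand names to look for.
FREEMAIL = {"hotmail.com", "outlook.com", "yahoo.com"}
BRANDS = ("facebook", "google", "apple")

def wrapped_destination(url):
    """If url is a Google Translate link, return the page it wraps ('' if absent); else None."""
    parts = urlsplit(url)
    # Exact host match: 'translate.google.com.evil.example' must not count.
    if (parts.hostname or "").lower() != TRANSLATE_HOST:
        return None
    # Assumption: the wrapped page travels in the 'u' query parameter.
    return parse_qs(parts.query).get("u", [""])[0]

def review_email(sender, body):
    """Return a list of human-readable findings for one message."""
    findings = []
    local, _, domain = sender.lower().rpartition("@")
    if domain in FREEMAIL and any(b in local for b in BRANDS):
        findings.append(f"sender uses a brand name on free-mail domain {domain}")
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,)")  # drop sentence punctuation glued to the link
        dest = wrapped_destination(url)
        if dest is None:
            continue  # not a Translate link
        dest_host = (urlsplit(dest).hostname or "unknown").lower()
        if not (dest_host == "google.com" or dest_host.endswith(".google.com")):
            findings.append(f"Google Translate link wraps non-Google host {dest_host}")
    return findings

# Constructed sample message; only the sender address is quoted from the page.
SAMPLE_SENDER = "facebook_secur@hotmail.com"
SAMPLE_BODY = ("Someone is trying to access your Google account. Review activity: "
               "https://translate.google.com/translate?sl=auto&tl=en"
               "&u=https://login.example.invalid/verify.")

if __name__ == "__main__":
    for finding in review_email(SAMPLE_SENDER, SAMPLE_BODY):
        print("FLAG:", finding)
```

The point of unwrapping the link is that the host the victim actually lands on is the one worth judging, not the “google.com” at the front of the URL.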

Be vigilant, be skeptical. Question everything. Pay attention. Oh, and enable two-factor authentication everywhere. You know, just in case.

Akamai via Gizmodo