Akamai has announced the discovery of a new phishing attack that spoofs a Google webpage.
Larry Cashdollar, working at Akamai, a cloud service provider, discovered the fraud campaign. Like many other phishing campaigns, this attack is conducted through email advising the recipient to take urgent action. The messages contain the subject line “Security Alert”, and the text “A user has just signed in to your Google Account from a new Windows device. We are sending you this email to verify that it is you.” The design of the email is virtually indistinguishable from a genuine Google email security alert.
The hacker embedded a button in the email inviting the user to “Consult the activity.” Upon clicking the link, the user is brought to a website crafted by the hacker to mimic a Google login page. An unsuspecting user would enter their login credentials as usual. The hacker harvests these credentials and uses them for nefarious purposes.
Although the email campaign is well designed, there are several indicators that the emails are fake. Firstly, the emails are sent from a Hotmail account – email@example.com. Google would not send a real security alert from a Hotmail account.
The website to which the user is directed has a suspicious-looking URL. The website is served through Google Translate. The visible part of the URL in the address bar starts with translate.googleusercontent.com/translate, which may not evoke suspicion from many users. The full URL is fake, however, and it is only displayed clearly to users who log in via a desktop, not to those using mobile devices.
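The two indicators described above (a sender domain that does not match the claimed brand, and a link served through Google Translate) can be checked automatically. The following is an added example, not code from Akamai or from the original article; the sample message, the expected sender domains and the use of the `u` query parameter to carry the proxied page are assumptions.

```python
import html
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import parse_qs, urlparse

# Constructed sample message, not taken from the real campaign.
SAMPLE = """\
From: Google <alerts@hotmail.example>
Subject: Security Alert
Content-Type: text/html

<p>A user has just signed in to your Google Account from a new Windows device.</p>
<a href="https://translate.googleusercontent.com/translate_c?depth=1&amp;u=https://login.phish.example/">Consult the activity</a>
"""

# Assumption: domains a genuine Google alert may be sent from.
EXPECTED_SENDER_DOMAINS = {"google.com", "accounts.google.com"}
TRANSLATE_HOST = "translate.googleusercontent.com"

def sender_domain(msg):
    """Domain part of the From address, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def translate_wrapped_targets(body):
    """Targets of links that are served through Google Translate."""
    targets = []
    for link in re.findall(r'href="([^"]+)"', body):
        url = urlparse(html.unescape(link))
        if url.hostname == TRANSLATE_HOST and url.path.startswith("/translate"):
            # Assumption: the proxied page is carried in the "u" parameter.
            targets.append(parse_qs(url.query).get("u", [""])[0])
    return targets

def indicators(raw):
    """List the indicators described in the article that a message matches."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    domain = sender_domain(msg)
    claims_google = "google" in (msg.get("From", "") + body).lower()
    if claims_google and domain not in EXPECTED_SENDER_DOMAINS:
        found.append("sender-domain-mismatch:" + domain)
    for target in translate_wrapped_targets(body):
        found.append("translate-wrapped-link:" + (urlparse(target).hostname or "unknown"))
    return found

if __name__ == "__main__":
    print(indicators(SAMPLE))
```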
If the user enters their Google credentials in the login box, the site redirects to a fake Facebook login page. Having already stolen their email logins, the attackers also attempt to gain access to their victims’ Facebook accounts. Those familiar with the social media site would recognise the design of this webpage as an outdated version of Facebook and therefore realise that this is a spoof campaign. Although they may notice the phishing attack in time to protect their Facebook account, the hacker has already stolen their email credentials.
The easiest way to avoid being misdirected to a fake website is not to follow the link embedded in an email. Instead, search for the website in question in a new tab, and log in through that link. If there is something wrong with your account, a notification appears on login. Furthermore, familiarising yourself with common phrases used in phishing emails (such as being addressed to “our valued customer” instead of your name/username) can help you protect yourself against scams which have made it past the email filters.