According to a report by ZDNet, cyber-criminal groups are using Google Translate to steal your data. They are hiding the real domain name behind the Google Translate website. Victims will reach this website if they click on a link sent to them in an email. This act of redirecting you to a trusted website lookalike to steal your data is called Phishing. The fact that the Phishing website is hidden behind a Google Translate website was discovered by Akamai security researcher Larry Cashdollar. Google has issued a statement to ZDnet saying that "We are aware of the Phishing attempts and have blocked all sites in question, on multiple levels. If users encounter a phishing site, they can report them at this URL and we will take appropriate action”.
Phishing as a technique for getting users data isn't new. Users will receive an email saying that they have one a prize and need to click on the link to claim it. Clicking on the link will lead them to a familiar or popular social networking website like Facebook or Gmail and request a login. This is where most people get fooled. It is easy to spot a phishing website when you are on a desktop as the browser will show you the complete URL which will not be the same as the URL of the original website. If you do fall in the trap and log in, then your data such as ID and password is sent to the person who sent you this link.
Talking about the Google Translate Phishing hack in question, it is difficult for a user to make out the malicious URL on a smartphone. But hover over the link in the mail or seeing the complete URL on a desktop browser will reveal if you are on the actual Google Translate page or on the Phishing website.
This particular Phishing exercise in question was trying to extract Facebook and Gmail login from the user in a single attempt. This was done by quickly redirecting users from the Google login to the Facebook Login. According to ZDNet, this was a “greedy mistake that would have most likely alerted users that they've just been phished, and pushed them to change passwords right away”.
As of writing this story, Google has said that it has blocked the malicious link that is conducting the Phishing activity. But for those of you that are not aware of how online scams work remember two things. If an email telling you that “you've won something” sounds too good to be true, then it probably is. Secondly, never click on links sent from unknown sources. You never know what it contain!