Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Phishers are using Google Translate to mask their dubious URLs

Hackers have gotten extremely good at making phishing emails look legitimate, but still struggle with the websites they phish from. A savvy user can spot a fake URL a mile away.

Generally, if a user takes one look at the URL they’re being asked to click on, the phishing game is up. That’s why hackers have taken to hiding their content behind a Google Translate URL. This still doesn’t exactly look legitimate, but may be just enough to trick users on mobile where the URL is compressed enough to pass a quick glance.

Akamai security researcher Larry Cashdollar found himself targeted last month and has written about his experience on the company’s blog. On desktop, there were enough alarm bells to warn a savvy computer user, but on mobile everything is truncated and could easily appear legitimate to someone panicking about their security – especially when there’s no option to hover over URLs to check where they’re actually pointing.

Related: Best free antivirus

Once the link is clicked, it takes victims through to a phishy URL obfuscated by a Google Translate URL, which further muddies the waters on mobile. “Using Google Translate does a number of things,” Cashdollar writes. “It fills the URL (address) bar with lots of random text, but the most important thing visually is that the victim sees a legitimate Google domain. In some cases, this trick will help the criminal bypass endpoint defences.”

Picture of a clean white bowl, cleaned by Bosch Perfect Dry dishwasher

This particular attack feels pretty unsophisticated. Once you’ve entered your credentials, it kicks in with a second phishing attempt, this time trying to get you to log in to your Facebook account. This weird behaviour feels entirely counterintuitive, probably triggering more users to figure out what’s happening and move quickly to change their password.

But it’s still a worrying sign of things to come. Hackers know that more of us are using mobile than ever before, and a more sophisticated cybercriminal could clearly use the limitations of the medium to take advantage. When combined with standard social engineering techniques, that could prove depressingly effective.

Have you been targeted by hackers using Google Translate? Let us know on Twitter: @TrustedReviews.

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.

Trusted Reviews Logo

Sign up to our newsletter

Get the best of Trusted Reviews delivered right to your inbox.

This is a test error message with some extra words