Mitigate Google Translate Phishing

Cybercriminals have found a sneaky way to deceive people by disguising their harmful URLs with the Google Translate service. This makes malicious messages harder for email security systems to detect, because the URL in the email seems valid and legitimate. In fact, the Google Translate URL points to a malicious website under the control of the attackers. This new technique poses a high security risk for companies and calls for mitigation.

How it works

Google Translate allows you to translate entire websites into your chosen language. A URL can be entered at https://translate.google.com/?sl=auto&tl=en&op=websites and is then translated by Google Translate. The result is a new URL with the original domain as a subdomain. For example, a translation of https://binsec.nl to Dutch looks like this.

Figure: Google Translate Phishing Technique

Block Google Translate URLs

To block such e-mail messages, the URLs below can be included in Microsoft Defender’s Tenant Allow/Block Lists.

translate.google.com
translate.goog

Figure: Microsoft Defender Block Google Translate Phishing

Result

As a result, e-mail messages received with one of these URLs in the body are sent to quarantine and thus do not end up in the recipient’s inbox folder. The analysis from Microsoft Defender shows that the e-mail message is blocked because the URL is listed in the Allow/Block Tenant URLs.
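
For triaging message bodies against the same two domains, the following added example (not part of the original post) flags Google Translate links and recovers the site each one wraps. It assumes the translate.goog hostname writes dots as hyphens and literal hyphens as double hyphens, and that translate.google.com links carry the target in a `u` query parameter; the sample body and its domains are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The two domains the post adds to the Tenant Allow/Block List.
BLOCKED = ("translate.google.com", "translate.goog")
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

# Constructed sample body; the domains are placeholders.
SAMPLE_BODY = (
    "Invoice: https://my--shop-example-com.translate.goog/?_x_tr_sl=auto&_x_tr_tl=nl\n"
    "Reset: https://translate.google.com/translate?sl=auto&tl=en"
    "&u=https://login.example.org/reset\n"
    "Unrelated: https://nottranslate.goog/ and https://example.net/\n"
)


def _host(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed host, e.g. an unbalanced "["
        return ""


def _matches(host, domain):
    # Exact host or a real subdomain; "nottranslate.goog" must not match.
    return host == domain or host.endswith("." + domain)


def wrapped_host(url):
    """Return the site a Google Translate link points to, or None.
    Assumed encoding (not stated in the post): "." is written as "-" and a
    literal "-" as "--"; translate.google.com uses a "u" query parameter."""
    host = _host(url)
    if host.endswith(".translate.goog"):
        label = host[: -len(".translate.goog")]
        return label.replace("--", "\0").replace("-", ".").replace("\0", "-")
    if _matches(host, "translate.google.com"):
        target = parse_qs(urlsplit(url).query).get("u", [""])[0]
        return _host(target if "//" in target else "//" + target) or None
    return None


def scan_body(body):
    """Return (url, wrapped_host) for each link on a blocked domain."""
    urls = (u.rstrip(".,;") for u in URL_RE.findall(body))
    return [(u, wrapped_host(u)) for u in urls
            if any(_matches(_host(u), d) for d in BLOCKED)]
```

A `None` in the second position means the link is on a blocked domain but no wrapped site could be recovered from it.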

Figure: Microsoft Defender Blocked Google Translate Phishing

This post is licensed under CC BY 4.0 by the author.