Mitigate Google Translate Phishing

Mitigate Google Translate Phishing

Cybercriminals have found a sneaky way to deceive people by disguising their harmful URLs with the Google Translate service, making it harder for email security systems to detect malicious attacks as the URL in the email seems valid and legitimate. In fact, the Google Translate URL points to a malicious website under the control of the attackers. This new technique poses a high-security risk for companies and asks for mitigation.

How it works

Google translate allows you to translate entire websites into your chosen language. a URL can be entered at and then translated by Google Translate. The result is that a URL is then created with the original domain as a subdomain. For example, a translation from to Dutch looks like this.

Google Translate Phishing Technique Google Translate Phishing Technique

Block Google Translate URLs

To block such e-mail messages, the URLs below can be included in Microsoft Defender’s Tenant Allow/Block Lists.


Microsoft Defender Block Google Translate Phishing Microsoft Defender Block Google Translate Phishing


As a result, e-mail messages received with one of these URLs in the body are forwarded to the quarantine and thus do not end up in the recipient’s inbox folder. Looking at the analysis from Microsoft Defender, it is visible that the e-mail message is blocked because of the listing of the URL in the Allow/Block Tenant URLs.

Microsoft Defender Blocked Google Translate Phishing Microsoft Defender Blocked Google Translate Phishing


This post is licensed under CC BY 4.0 by the author.