Threat actors using images, Google translate links, and special characters to launch phishing attacks

Threat actors are using images, Google translate links, and special characters to launch phishing attacks and bypass security measures  

Updated - March 17, 2023 06:04 pm IST

Published - March 17, 2023 01:43 pm IST

Cybercriminals are using images, Google translate links, and special characters to launch phishing attacks.

Cybercriminals are using images, Google translate links, and special characters to launch phishing attacks. | Photo Credit: Getty Images

Cybercriminals are using three novel tactics to bypass scrutiny by security measures and launch phishing attacks. These include using Google Translate service, images, and special characters in text to hide malicious URLs.

While the overall volume of attacks using these tactics is currently low, with each tactic making up less than 1% of attempted phishing attacks, they are widespread, with between 11% and 15% of organisations affected, often with multiple attacks, a research report from Barracuda said.

In attacks that used the Google Translate service for websites to hide malicious URLs, attackers were found to use poorly-formed HTML pages or a non-supported language to prevent Google from translating the webpage. Google responds by providing a link back to the original URL stating that it cannot translate the underlying website.

Attackers embed these URLs in an email and if a recipient clicks on it, they are taken to a fake but authentic-looking website that is in fact a phishing website, the report said.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

In image-based phishing attacks, cybercriminals were found to be using images of invoices that include links or a callback phone number that, when followed up, leads to phishing.

Cyberattackers were also found to be using special characters, such as zero-width Unicode code points, punctuation, non-Latin script, or spaces, to evade detection.

This type of tactic, is also used in “typo-squatting” web address attacks, which mimic the genuine site but with a slight misspelling. When used in phishing emails, the special characters are not visible to the recipient and attackers insert a zero-width (no) space within the malicious URL embedded in a phishing email, breaking the URL pattern so that security technologies do not detect it as malicious.

Because these attacks do not include any text, traditional email security struggles to detect them, and these methods were found to be used to target around one-in-10 (11%) organisations in January 2023.

“Phishing is a common starting point for many cyberattacks, including ransomware, financial fraud and credential theft. With cyberattacks rising rampantly in India in recent times, cybercriminals continue to develop their phishing approaches to trap unwary recipients and avoid being spotted and blocked”, said Parag Khurana, Country Manager, Barracuda Networks India.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.