Security News > 2020 > March > Convincing Google Impersonation Opens Door to MiTM, Phishing

Convincing Google Impersonation Opens Door to MiTM, Phishing
2020-03-16 21:13

Setting out to find out, the researcher turned to the main domain registrars - GoDaddy, Namecheap and even Google Domains - to first see if he could snag appropriate URLs.

"The great thing about using a proxy is that my domain's links previews, in every single platform, fetches Google Translate's exact description while pointing to my link," the researcher explained.

In all, Lumelsky said that it was a simple affair to set up a very convincing fake domain - it took minutes, with no coding, he explained.

"The original Google application is served, it functions an expected, but I am exposed to the user's traffic with the domain. Therefore, I can change the body of Google's response."

"I can, for example, override all the tags in the HTML. Instead of pointing them to a subdomain in google.com we can point them to a custom phishing login page, within ɢoogletranslate.com domain. We can steal the user's login credentials to Google by overriding the links within the page, and pointing them to accounts.ɢoogletranslate.com."


News URL

https://threatpost.com/convincing-google-impersonation-opens-door-to-mitm-phishing/153745/?utm_source=rss&utm_medium=rss&utm_campaign=convincing-google-impersonation-opens-door-to-mitm-phishing

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995