On Thu, 10 Nov 2022, MRob via mailop wrote:

Recently I saw a link in a spam which wanted to phish credentials:

https://translate.google.com/translate?sl=auto&tl=en&hl=en&u=ipfs.io/ipfs/<longstring>/index.html?submit=<user>@<mydomain>&client=webapp

Google Translate shows a live page the user can input data into, so effectively Google is hosting the payload for the spammer? (indirectly, over the anon IPFS network)

See for yourself:

https://translate.google.com/translate?sl=auto&tl=en&hl=en&u=duckduckgo.com

https://translate.google.com/translate?sl=auto&tl=en&hl=en&u=spammers.dontlike.us/mailman/listinfo/

Now you can click on the "List" link and see that it allows browsing the mailman website using the Google domain translate.goog

First, I missed that Google was given a TLD (whois says back in 2015)

So spammers and phishers can host a website on a sketchy server but freely use Google for the best possible reputation for web hosting and for putting links into spam email, and successfully avoid URIBL-type checks.

Thanks for the heads-up.

(Some) browsers can do automatic translation; we can encourage users to
post the original URL and "down-repute" translate.google.com and .goog

Is it worth an article on Reddit or similar?

Does anyone have access to Proofpoint urldefence.com and similar
to see what they do?

--
Andrew C. Aitchison                      Kendal, UK
                   [email protected]
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
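
For filters that run URIBL-type checks, one way to recover the wrapped host from the two link forms discussed in this thread (an added example, not code from either poster). The function names and sample URLs are constructed, and the `.translate.goog` label encoding ('.' written as '-', a literal '-' as '--') is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

URL_RE = re.compile(r"https?://[^\s<>\"']+")
GOOG_SUFFIX = ".translate.goog"

def unwrap_translate(url):
    """Return the host wrapped by a Google Translate link, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Form quoted in the thread: translate.google.com/translate?...&u=<target>
    if host == "translate.google.com":
        target = parse_qs(parts.query).get("u", [""])[0]
        if not target:
            return None
        if "://" not in target:
            target = "http://" + target  # u= may omit the scheme
        return urlsplit(target).hostname
    # Proxied form: <encoded-host>.translate.goog
    if host.endswith(GOOG_SUFFIX):
        label = host[: -len(GOOG_SUFFIX)]
        # Assumed encoding: '.' -> '-', literal '-' -> '--'
        return label.replace("--", "\0").replace("-", ".").replace("\0", "-")
    return None

def hosts_for_reputation(body):
    """Hosts to hand to a URIBL lookup: the visible host and any wrapped one."""
    hosts = []
    for url in URL_RE.findall(body):
        for h in (urlsplit(url).hostname, unwrap_translate(url)):
            if h and h not in hosts:
                hosts.append(h)
    return hosts

# Constructed sample message body (not taken from a real spam)
SAMPLE_BODY = (
    "Verify your mailbox: https://translate.google.com/translate"
    "?sl=auto&tl=en&hl=en&u=ipfs.io/ipfs/CONSTRUCTED/index.html"
    "?submit=user@example.org&client=webapp\n"
    "Mirror: https://spammers-dontlike-us.translate.goog/mailman/listinfo/\n"
)

if __name__ == "__main__":
    print(hosts_for_reputation(SAMPLE_BODY))
```

The unwrapped hosts are returned alongside the visible Google host, so the lookup can score the real target instead of inheriting Google's reputation.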
