
Summary
This rule is designed to detect unsolicited links that lead to malicious sites, disguised using the Google Translate service. Cyber attackers have been known to use the Google Translate URL format to mask their links and deliver them to potential victims, taking advantage of the reputable nature of the service to bypass security checks. The rule operates by analyzing incoming message links for patterns consistent with the use of Google Translate, specifically looking for URLs that feature the translate.goog domain. It also identifies whether these links come from unsolicited senders or if the sender has a history of disseminating spam or malicious content. By employing sender and URL analysis techniques, this detection rule helps to mitigate the risk of credential phishing attempts exploiting open redirect vulnerabilities.
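The logic described above, sketched as an added example (not the rule's own source): it finds links whose host ends in `.translate.goog`, then flags the message only if the sender is unsolicited or has prior spam or malicious history. It goes one step further than the summary by decoding the wrapped origin host for the analyst. The sender field names are hypothetical, and the hyphen encoding of the origin host is an assumption about the proxy's URL format.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
PROXY_SUFFIX = ".translate.goog"

def wrapped_host(host):
    """Decode the origin host carried in a translate.goog subdomain, else None.

    Assumption: the proxy writes '.' as '-' and a literal '-' as '--'.
    """
    host = host.lower().rstrip(".")
    if not host.endswith(PROXY_SUFFIX):
        return None  # bare translate.goog and lookalike hosts end up here
    label = host[: -len(PROXY_SUFFIX)]
    if not label:
        return None
    return label.replace("--", "\x00").replace("-", ".").replace("\x00", "-")

def evaluate(message):
    """Flag translate.goog links sent by an unsolicited or previously flagged sender."""
    links = []
    for url in URL_RE.findall(message["body"]):
        try:
            origin = wrapped_host(urlsplit(url).hostname or "")
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            continue
        if origin:
            links.append({"url": url, "origin": origin})
    sender = message["sender"]  # hypothetical fields, not the rule's schema
    untrusted = (not sender["solicited"]) or sender["prior_malicious_or_spam"]
    return {"flag": bool(links) and untrusted, "links": links}

# Constructed sample messages (not real traffic).
SAMPLES = [
    {"id": "m1", "sender": {"solicited": False, "prior_malicious_or_spam": False},
     "body": "Verify your mailbox: https://login--portal-example.translate.goog/auth"},
    {"id": "m2", "sender": {"solicited": True, "prior_malicious_or_spam": False},
     "body": "Translated page: https://docs-example-org.translate.goog/guide"},
    {"id": "m3", "sender": {"solicited": False, "prior_malicious_or_spam": False},
     "body": "See https://translate.goog.lookalike.example/login"},
    {"id": "m4", "sender": {"solicited": True, "prior_malicious_or_spam": True},
     "body": "Invoice: https://files-example-net.translate.goog/inv"},
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg["id"], evaluate(msg))
```

Matching on the host suffix rather than a substring keeps lookalikes such as the one in `m3` from triggering, and the sender condition keeps solicited translated links such as `m2` from alerting.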
Categories
- Web
- Cloud
- Identity Management
Data Sources
- User Account
- Network Traffic
- Application Log
Created: 2023-04-03