January 4, 2024

How machine translation is making some countries more vulnerable to cybercrime

(*Linked or embedded content may have been removed or be unavailable.)

Like just about any other technology, MT (Machine Translation) is a double-edged sword. It has made it easier and cheaper for many to localize their content into other languages and reach a wider audience. It has also made it possible for some bad actors to hack websites and send fraudulent messages to your desktop. In this post we take a quick look at how it all happened and how MT can actually damage your reputation and brand image if not used carefully.

Machine translationfriend and foe

MT has increased the risk of cybercrime in two ways. First, it has made it easier for cybercriminals to target websites that are in languages that they don’t understand such as Japanese, which had provided a natural language barrier that also served as a security barrier of sorts.

Atsuyoshi Shimazu of cybersecurity firm Caulis described the turning point this way: “Before 2013, there was no damage in Japan because most browsers didn’t have a translating function. From the end of 2012 to the beginning of 2013, Firefox, Google Chrome, and Internet Explorer all added language translation functions so many hackers were able to figure ‘Oh, this is a Japan bank. This is an e-commerce site. This is a credit card company.’ So the hackers attacking Japan grew.” In a way, MT wound up giving the bad guys a leg up.

Second, MT also made it easier for internet fraudsters to push out scammy content into the world through emails and short messages. Criminal groups involved in Business Email Compromise (BEC) scams are using MT tools and machine learning technology to distribute more persuasive emails in multiple languages in order to increase the effectiveness of their email scams.

Although it may seem like old news, business email fraud remains one of the most effective and financially damaging types of cyber attacks. The FBI estimates the total damage suffered by businesses from June 2016 to December 2021 as exceeding USD43 billion, and attacks have been reported in 177 countries.

For cybercriminals, business email fraud is a relatively simple yet profitable endeavor. All that’s needed is an email account to send a phishing email masquerading as a trusted source, such as the recipient’s colleague, boss, business partner, or a service provider. Usually, the content is a request for a wire transfer, or a message urging that you click on a link or open an attached file. Even the oldest scams, like the ol’ Nigerian Prince email scam (a.k.a. 419 scam) that took the internet by storm many years ago, are still alive and kicking.

Researchers at the email security company Abnormal Security analyzed some large-scale business email fraud activity and found that machine learning-powered MT tools like Google Translate were used to create fraudulent emails, enabling more cybercrime groups to commit larger-scale email scams at little or no cost.

“Attacking targets across various regions and using multiple languages is nothing new. However, in the past, these attacks were perpetrated mainly by sophisticated organizations with bigger budgets and more advanced resources. For example, to effectively translate email text for more believable social engineering efforts, organizations often hire native speakers. But, as technology becomes more accessible and affordable, it lowers the barrier to entry,” says Crane Hassold, director of threat intelligence at Abnormal Security.

The people targeted by these fraudsters are more likely to react to the content in front of them if they can read and understand it, so everything from fake emails to onscreen messages displayed by ransomware gets localized. At the same time, these cybercriminals want to make as much profit with as little expenditure as possible. And since they have no brand image or corporate reputation to worry about, they emphasize low cost over high quality. To them, the advent of MT must’ve been like a dream come true.

The real threat of fake e-commerce sites

Unlike BEC scams that target organizations, a threat aimed squarely at the consumer is the fake e-commerce scam. Here the fraudsters replicate a reputable e-commerce site, nearly image-for-image and word-for-word, except for a few bargain-priced items that seem too good to be true—and they are. When you click on an item to buy, you’ll be whisked away to a page asking for your credit card info and, needless to say, they’ll take your money and give you only heartache in return.

In Japan’s case, according to complaints received by the Consumer Affairs Agency, the number of cases where people were scammed of their money rose from 25,700 cases in 2016, to 71,515 cases in 2020. This coincided with high overall activity on e-commerce sites due to the pandemic, and people stuck at home fell prey to the fraud.

To help Japanese consumers avoid being scammed by fake sites, the National Police Agency has issued a five-point bulletin on what to look for:

・Is there anything odd or unnatural about the domain? (i.e. .net instead of .jp)

・Is the price excessively cheap or the discount too massive?

・Are there expressions of urgency like “Sale ends today” to trigger panic buying?

・Search the internet for the company’s information—is there any fake information?

・Is the Japanese language proper and does it read naturally?

Although these scams copy an existing site almost entirely, they do need to customize the content in certain parts, and that’s where they use MT to fill in the gaps. That, fortunately, is where the trap can be discovered. Whether it’s not-quite-proper keigo (敬語; honorific language), or stylistic inconsistencies with other parts of the page, MT can leave a telltale sign of impropriety.

Your brand image is worth the investment

MT does have its place in the localization landscape, and it’s growing. With some content required to be pushed out on a daily basis and having a very short shelf life, the localization scenarios may need to rely on MT, perhaps as part of an MTPE (Machine Translation Post-Editing) workflow, to ensure timely output.

But for content that deals with brand and corporate image, where the message you convey is meant to have staying power, your best bet is to consult a talented and experienced human translator. In fact, you should be considering whether to go for localization or transcreation.

Get the best quality you can. Avoid being mistaken for a scam.

Douglass McGowan

Related Posts

January 4, 2024

How machine translation is making some countries more vulnerable to cybercrime

Douglass McGowan

January 4, 2024

How machine translation is making some countries more vulnerable to cybercrime

Douglass McGowan

January 4, 2024

How machine translation is making some countries more vulnerable to cybercrime

Eric Prince