Phishing attacks are targeting tens of thousands of Gmail users in Iran in the run-up to elections in the country, according to Google researchers.
“These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region,” Eric Grosse, vice-president of security engineering, said in a blog post.
Although the attacks originate inside Iran, the timing and targeting of the campaigns suggest they are politically motivated in connection with presidential elections on Friday, he wrote.
Google researchers believe the attacks are coming from the same group that used forged Secure Sockets Layer (SSL) certificates for the Google domain name to conduct attacks that targeted users in Iran in 2011.
The fraudulent certificates were issued after a hacker gained access to the certificate infrastructure of Dutch root certificate authority DigiNotar.
In the latest attacks, targets are sent an email containing a link to a web page that purports to provide a way to perform account maintenance.
If the recipient clicks the link, they see a fake Google sign-in page that will steal their username and password.
Grosse said Google routinely notifies targets of state-sponsored attacks and other suspicious activity, and takes other “appropriate actions” to limit the impact of these attacks.
“Especially if you are in Iran, we encourage you to take extra steps to protect your account,” he said, suggesting steps such as updating browsers and enabling two-factor authentication.
“Always verify that the URL in the address bar of your browser begins with https://accounts.google.com/. If the website's address does not match this text, please don’t enter your Google password,” he said.