Iran Gmail phishing attacks up ahead of election, says Google

Phishing attacks are targeting tens of thousands of Gmail users in Iran in the run up to elections in the country, say Google security researchers

Phishing attacks are targeting tens of thousands of Gmail users in Iran in the run-up to elections in the country, according Google researchers.

“These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region,” Eric Grosse, vice-president of security engineering said in a blog post.

Although the attacks originate inside Iran, the timing and targeting of the campaigns suggest they are politically motivated in connection with presidential elections on Friday, he wrote.

Google researchers believe the attacks are coming from the same group that used forged secure socket layer certificates for the Google domain name to conduct attacks that targeted users in Iran in 2011.

The fraudulent certificates were issued after a hacker gained access to the certificate infrastructure of Dutch root certificate authority DigiNotar.

Poisoned link

In the latest attacks, targets are sent an email containing a link to a web page that purports to provide a way to perform account maintenance.

Read more about phishing

If the recipient clicks the link, they see a fake Google sign-in page that will steal their username and password.

Grosse said Google routinely notifies targets of state-sponsored attacks and other suspicious activity, and takes other “appropriate actions” to limit the impact of these attacks.

“Especially if you are in Iran, we encourage you to take extra steps to protect your account,” he said, suggesting steps such as updating browsers and enabling two-factor authentication.

“Always verify that the URL in the address bar of your browser begins with If the website's address does not match this text, please don’t enter your Google password,” he said.

Read more on Hackers and cybercrime prevention