Google has detected what appears to be a spike in politically-motivated phishing attacks targeting Gmail accounts belonging to thousands of Iranians just days before a presidential election in the country.
The Web giant identified a "significant jump in the overall volume of phishing activity in the region" in the past three weeks originating from within the country. Eric Grosse, Google's vice president of security engineering, noted in a company blog post Wednesday that "timing and targeting of the campaigns" suggested political motivation ahead of Friday's elections.
Grosse explained how the campaign operated:
Our Chrome browser previously helped detect what appears to be the same group using SSL certificates to conduct attacks that targeted users within Iran. In this case, the phishing technique we detected is more routine: users receive an email containing a link to a web page that purports to provide a way to perform account maintenance. If the user clicks the link, they see a fake Google sign-in page that will steal their username and password.
To prevent phishing attacks, Grosse encouraged users in Iran to use a modern browser and enable two-step authentication. He also reminded users to verify that the URL in the address bar of their browser is https://accounts.google.com/ before entering their Gmail password.
Internet users in Iran have grown accustomed to frequent outages that prevent access to e-mail and social networks, especially ahead of elections. Access to major international news sites and social-networking sites such as Facebook and Twitter is blocked by the country's government, which has been waging a battle against what it calls "inappropriate" content on the Internet.
The country has reportedly been developing a national intranet in an effort to create a "clean Internet." Iran's government claimed earlier this year to be developing "intelligent software" designed to give citizens controlled, restricted access to now-banned social-networking sites.