Google detects Iran phishing attacks ahead of election


Google said it had noticed a significant spike in phishing activity in Iran in recent weeks

Google says it has detected and stopped thousands of phishing attacks targeting email accounts of Iranian users ahead of the 14 June presidential election.

In an online statement, the firm said it had noticed a "significant jump" in the region's overall volume of phishing activity in the last three weeks.

The timing and targets suggested the attacks were "politically motivated".

Friday's poll is the first since 2009, when President Mahmoud Ahmadinejad won a controversial second term.

The election had triggered angry protests, with voters accusing Mr Ahmadinejad's camp of rigging the results in his favour.

Fake sign-in page

Google's vice-president of security engineering, Eric Grosse, said the phishing attacks originated from within Iran.

Phishing attempts to obtain passwords and other private computing information by directing users to fake websites.

"For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users," he said.

"The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday."

Mr Grosse said victims targeted in the attacks had received an email containing a link to a web page purporting to perform account maintenance.

If they clicked the link, they were taken to a fake Google sign-in page, which would steal their username and password.

The threat was detected by a phishing detection feature added to the firm's Chrome web browser in 2012.

Mr Grosse warned Iranian users to take extra measures to protect their accounts from "state-sponsored attacks".

In the latest case, users received a message which appeared to come from Google itself using the official-looking address: email.settings@gmail.com.

It suggested they assign an extra email address to their existing Google account to make password recovery easier.

The bogus link they were asked to click also contained the search firm's name, adding to the appearance of authenticity, Google says.

However, the attempt was spotted by a Safe Browsing feature added to Google's Chrome browser last year.

Most of the six candidates in Friday's election are conservatives close to Ayatollah Khamenei.

The opposition says more than 80 of its supporters were killed in a crackdown over a period of six months after the 2009 election - a figure the government disputes. Several have been sentenced to death, and dozens jailed.

The two reformist candidates from 2009 - Mir Hossein Mousavi and Mehdi Karroubi - remain under house arrest.