Google says it’s seeing a massive increase in email-based phishing campaigns that originate within Iran and target Iranian users. These attacks, Google says, started about three weeks ago and the company believes that they are politically motivated. Iran’s next election is scheduled for Friday and this “significant jump” in phishing activity in the region started about three weeks ago.
Google says the campaign targets the accounts of “tens of thousands” of Iranian users and the group behind it appears to be the same that also targeted Iranian users in September 2011. Back in 2011, the company told all of its users in Iran to ensure that their accounts weren’t compromised after hackers compromised the Dutch SSL certificate authority DigiNotar.
As Google notes, though, this time the attack is far simpler and just sends users to a fake Google sign-in page in order to steal usernames and passwords. What exactly the attackers planned to do with this information remains unclear.
There have been some reports that access to Gmail is currently disrupted from Iran, though it’s not clear that this is indeed the case. Iran does, however, have a history of blocking Google services like Gmail and YouTube, so it wouldn’t come as a major surprise if the country shut down access to Google’s services ahead of this election.