Google Detects Iran Phishing Spike As Election Looms

Google has seen a significant spike in phishing attempts on its Gmail users in Iran, which it believes are politically-motivated due to the upcoming election on Friday, which many expect will be rigged.

The tech titan claimed tens of thousands of Iranian users were targeted, as attackers sought to hijack their Google accounts.

Google phishing attacks

Google said the perpetrators appeared to be the same group who used stolen a Google SSL certificate from Dutch certificate authority DigiNotar to hack Iranians in 2011. DigiNotar subsequently went bankrupt.

Earlier in the year an Iranian hacker claimed to have stolen certificates from another CA, Comodo, including Google SSL certificates. That hacker, who claimed to be a 21-year-old Iranian patriot fighting the West, also claimed to be behind the DigiNotar hit.

“The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday,” Eric Grosse, Google vice president of security engineering, said in a blog post.

“In this case, the phishing technique we detected is more routine: users receive an email containing a link to a web page that purports to provide a way to perform account maintenance.

“If the user clicks the link, they see a fake Google sign-in page that will steal their username and password.”

It is expected the winner of Friday’s election will be whoever Supreme Leader Ayatollah Ali Khamenei prefers, as President Mahmoud Ahmadinejad’s reign is coming to a close.

Iran has a strong hacking tradition and the regime backs numerous cyber initiatives. Earlier this week, Israel’s prime minister Benjamin Netanyahu claimed Iran, alongside its Palestinian and Lebanese allies, is targeting critical national infrastructure with “non-stop” cyber attacks.

What do you know about Internet security? Find out with our quiz!