Tens of thousands of Iranians are vulnerable to phishing attacks as elections approach, according to Google. In the last three weeks, the company blocked several email-based phishing campaigns aimed at compromising the accounts of Iranian users. The attacks, which originate from within the country, represent a significant jump in the overall volume of phishing activity in the region.
â€œThe timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday,â€ VP Security Engineering Eric Grosse said in a blog post. â€œOur Chrome browser previously helped detect what appears to be the same group using SSL certificates to conduct attacks that targeted users within Iran.â€
In that case, the phishing technique was more traditional: users received an email containing a link to a fake Google sign-in page allegedly for account maintenance. If Iranians clicked the link, cyber-criminals stole their usernames and passwords.
â€œEspecially if you are in Iran, we encourage you to take extra steps to protect your account,â€ the company warned. â€œBefore typing your Google password, always verify that the URL in the address bar of your browser begins with https://accounts.google.com/. If the website’s address does not match this text, please donâ€™t enter your Google password.â€
Users should also maintain their antivirus solution updated to prevent hacking and phishing attacks.
Last month, Iranians were also targeted by a malware campaign infecting their devices with the Gamarue Trojan. The malicious file was spreading in several countries as an attachment in a fake FedEx e-mail. Gamarue stole usersâ€™ passwords and sensitive data and sent them to a command and control center.
The Iranian elections on Friday will decide a successor to President Mahmoud Ahmadinejad, who is not eligible for a third term. In 2009, his re-election made headlines with mass protests and violent crackdowns against the crowds.