Google researchers have detected phishing attacks originating inside Iran that target tens of thousands of Gmail users from that country, a company official said in a blog post published Wednesday. The attacks appear to come from the same group that pulled off a much more sophisticated attack in 2011 involving a forged secure sockets layer certificate for the Google domain name.
“The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday,” wrote Eric Grosse, Google's VP of Security Engineering.
He said the attacks were aimed at Iran-based account holders who were sent an e-mail, purporting to be from Google, asking the user to add an alternative e-mail address to their accounts. When users clicked on a URL provided in the e-mail, they were taken to a fake Google sign-in page that collected the victim’s username and password.