Wednesday, June 12, 2013

Iranian phishing on the rise as elections approach



Cross-posted from the Google Online Security Blog

For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users. These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region. The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday.


Our Chrome browser previously helped detect what appears to be the same group using SSL certificates to conduct attacks that targeted users within Iran. In this case, the phishing technique we detected is more routine: users receive an email containing a link to a web page that purports to provide a way to perform account maintenance. If the user clicks the link, they see a fake Google sign-in page that will steal their username and password.

Protecting our users’ accounts is one of our top priorities, so we notify targets of state-sponsored attacks and other suspicious activity, and we take other appropriate actions to limit the impact of these attacks on our users. Especially if you are in Iran, we encourage you to take extra steps to protect your account. Watching out for phishing, using a modern browser like Chrome and enabling 2-step verification can make you significantly more secure against these and many other types of attacks. Also, before typing your Google password, always verify that the URL in the address bar of your browser begins with https://accounts.google.com/. If the website's address does not match this text, please don’t enter your Google password.

2 comments:

justine rehan said...

This fast-growing community of traffic-obsessed bingo online drivers is working together to find the best routes from home to work, every day.

Change Iran said...

No rational person could think Iran’s elections are open, free and democratic and the attack on Google email addresses is only part of that overall plan. It's not a free election when you strip 680 candidates down to a handpicked group of six. But you do have a choice! I just voted on www.we-choose.org which is a pretty cool idea to get Iranians to vote outside of the elections, in an open, confidential and free election. I voted for Maryam Rajavi, from the National Council of Resistance of Iran. I’ve followed what she’s done in fighting for a free Iran, but you can pick from any of 20 candidates, which sure beats Khamenei’s Gang of Six. So take a minute out to vote and make your voice heard.