“For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users. These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region. The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday.”
Reuters notes that the company “posted a screenshot of a phishing email [seen above] purporting to be from Google administrators. The email, sent from the account ‘Email.Settings@gmail.com,’ contained a link to a fake sign-in page that asked for the user’s Gmail credentials.”
While Google did not go so far as identify the Iranian government as the source of the phishing, it does imply a connection: “Protecting our users’ accounts is one of our top priorities, so we notify targets of state-sponsored attacks and other suspicious activity, and we take other appropriate actions to limit the impact of these attacks on our users,” Google said.
The government and opposition groups alike have claimed to be the victims of cyberattacks in the lead up the election. Government forces reportedly previously engaged in cyberattacks against “enemies” of Iran and actively recruit hackers to boost its efforts.
Iran’s cyber-capabilities combined with its exclusion from global economy have led some to believe it could be one of the greater cybersecurity threats on the global stage because of its tendency for disruptive action, like the distributed denial of service (DDoS) attack targeting global financial institutions last winter.
Iran blocked Google services in September 2012, relenting on Gmail access after a complaints from public officials. The government also reportedly cut off its eight million plus internet users from most virtual private networks (VPNs) in March as part of its attempt to divert internet traffic to a closed intranet system.