Google has detected a rising number of email-based phishing attacks in the run up to the election in Iran, which are trying, according to the tech giant, "to compromise the accounts of tens of thousands of Iranian users."
The company announced on Wednesday that Google accounts have been subject to multiple phishing campaigns, which originate from Iran. According to Google, these campaigns "represent a significant jump in the overall volume of phishing activity in the region." Google has detected the email-based phishing campaigns and disrupted many of them, but the company is telling its users based in Iran to be on the look out for suspicious emails or other cyber activities.
Google says that it believes the cyber attacks to be "motivated in connection with the Iranian presidential election," which is happening Friday, due to the "timing and targeting of the campaigns." The campaigns all originate from within Iran, and have escalated far beyond normal phishing activity in the region.
Google is encouraging its customers, especially if they are in Iran, to take extra steps to protect their accounts. These include being careful where they sign in to Google, paying attention to the URL and making sure it is officially a Google address and not a scam site, and using strong passwords that they don't use on other websites.
Using an up to date browser helps, along with enabling 2-step verification on Google accounts. Here are Google's instructions on how to enable 2-step verification and their suggestions for other steps to protect your account. (Of course, these are good ideas, even if you're not living in Iran).
Google notifies users if their accounts have been targets of state-sponsored attacks or suspicious activity, and, according to ZDNet, has previously alerted Iranians of possible attacks when some server-enabled security certificates were compromised, leaving the possibility that attackers could set up dummy servers, posing as Gmail servers and take users' login names and passwords. However, these phishing attacks are far less sophisticated. In this case, users receive an email purporting to be routine account maintenance and directing users to a link in order to provide account details. Check out Google's security blog for more details.