Thousands of Iranian Gmail Users Targeted in Attempted Hacks Before Election

Iranians surf the web at an Internet cafe, in Tehran, Iran. Photo: AP/Vahid Salemi

Thousands of Gmail account users in Iran have been targeted in phishing attacks intended to influence the country’s national election, Google announced.

The attacks originated inside Iran and have been occurring for about three weeks, Eric Grosse, vice president of Google security engineering, wrote on the company’s blog on Wednesday.

“These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region,” Grosse said. “The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday.

Grosse wrote that the phishing attacks appear to be conducted by the same group that used SSL certificates to conduct attacks in Iran in 2011 using a fraudulent Google certificate obtained after hacking into Dutch certificate authority DigiNotar.

In the recent cases, however, the phishing attack is simpler. Users receive an email containing a link to a web page for account maintenance. When they click on the link, they get a fraudulent Google sign-in page asking them to enter their username and password.

Iran is holding important national elections on Friday to choose a successor to President Mahmoud Ahmadinejad, who has been in office for two terms and cannot run for a third term in office.

The frontrunner for the office is Hassan Rouhani, a moderate cleric who is viewed as having a more temperate approach to world affairs than Ahmadinejad. He is challenged by a handful of more conservative candidates.