Google warns Iran about phishing attacks

With the Iranian presidential election coming on Friday, Google has warned about email-based phishing attacks designed to compromise the Google accounts of "tens of thousands of Iranian users". Google believes these are politically motivated and says it has detected and disrupted the campaign. It is publishing the warning in line with its policy of notifying targets in state-sponsored attacks or other suspicious activity.

It also believes that the group behind this attack is the same group that compromised SSL CA DigiNotar in August 2011, but notes that this attack is "far more routine". One example that it has published is an email asking the user to add an alternative email address to their account and the link lands the user at a fake Google sign-in page where the user name and password are stolen.

Iranian users are being asked to look out for the phishing attacks and suggests the users enable 2-step verification for Google accounts. The company also suggests ensuring that users have an up-to-date browser installed, presumably to avoid drive-by browser attacks launched from phishing email links.