20 Jun 2013

GMail Phished by Iran

Phishing Attacks on Iranians Uncovered by Web Giant Google

Web giant Google has reported that it uncovered a massive phishing attack on the Gmail accounts of the Iranians. Google says that this sudden spike in the phishing attacks are probably motivated with political cause because the attacks have occurred only a few days before the country experienced a fresh Presidential election.

Google techs identified that the phishing activities in Iran spiked significantly over the period of 3 weeks prior to June 12 and that all these attacks actually originated from Iran. Vice President of security engineering of Google, Eric Grosse, wrote in a blog post on June 12, 2013 that the company detected and prevented many email-based phishing attacks days before the Presidential election that was scheduled for Friday, June 14. He wrote that the timing as well as the targeting pattern of the attacks clearly indicated that the attacks were politically motivated and that these attacks were aimed towards compromising the Gmail accounts of thousands of Iranians.

Grosse reported that a group of hackers used the SSL certificates to launch the attacks. They sent an email containing a link that pointed to a web page which fooled the unsuspecting users by stating that the page provided methods for account maintenance. Once the users clicked on the link, they would have been directed to fake Google login page where their usernames and passwords would have been stolen once they tried to log in.

Grosse asked and encouraged the users in Iran to use a very modern browser and the two-step authentication method of Google so that these phishing attacks can be prevented. He also asked the users to ensure that the URL in the address bar reads https://accounts.google.com/ before they actually enter their username and password.

Iranians are today very accustomed to outages preventing access to social networks and emails pretty frequently. These outages occur frequently during the elections. Sites like Twitter, Facebook and international news sites are blocked by the government who justify their act by referring these sites as ‘inappropriate content.’

 

]]>