June 13, 2013
Google Warns Iranian Gmail Users Ahead Of Presidential Elections
Michael Harper for redOrbit.com — Your Universe Online
Just days before an Iranian presidential election, Google is warning Gmail users in the area to take extra precautions when accessing their accounts or clicking on links in incoming messages.
“These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region,” writes Google vice president of security engineering Eric Grosse in a blog post. “The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday.”
Phishing is a style of cyber attack which tricks users into clicking bogus links and unknowingly handing over their information. For instance, in this specific attack Iranian Gmail users received emails alerting them about so-called account maintenance. These users were asked to click a link to be taken to Google's Gmail homepage and enter their login and password to maintain their account.
The link the users clicked took them to a site that, although made to look like a Google site, had been built to capture their credentials. Google recommends that users always make sure to check the URL before entering any kind of personal information. For instance, any official Google account page will begin with https://accounts.google.com/. Anything other than that is likely a phishing attack.
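The URL check described above, written as code. This is an added example, not code from the article or from Google: it parses a link and compares its origin, and sets that beside a string comparison that drops the trailing slash of the quoted prefix. The function names and the sample links (on the reserved example.net domain) are constructed for illustration.

```javascript
// Added example: does a link really point at Google's sign-in origin?
const TRUSTED_ORIGIN = "https://accounts.google.com"; // prefix from the article, minus the final "/"

// Strict check: parse the link the way a browser does, then compare the origin.
function isGoogleAccountsUrl(link) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser; throws on relative or malformed input
  } catch (err) {
    return false; // anything unparseable is never trusted
  }
  // "user@host" credentials in a link can hide the real host behind a familiar name.
  if (url.username !== "" || url.password !== "") return false;
  // origin = scheme + host + port; the parser lowercases it and omits default port 443.
  return url.origin === TRUSTED_ORIGIN;
}

// Naive check: a plain string prefix WITHOUT the trailing slash.
// Kept only to show why the "/" at the end of the quoted prefix matters.
function naivePrefixCheck(link) {
  return link.startsWith(TRUSTED_ORIGIN);
}

// Constructed sample links; none of them come from the reported campaign.
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin",             // genuine origin
  "HTTPS://Accounts.Google.com:443/",                     // same origin, different spelling
  "http://accounts.google.com/",                          // right host, no TLS
  "https://accounts.google.com.example.net/ServiceLogin", // trusted name used as a subdomain label
  "https://accounts.google.com@example.net/ServiceLogin", // trusted name used as userinfo
  "https://example.net/accounts.google.com/",             // trusted name used as a path
];

// Run both checks over a list of links and return the verdicts side by side.
function classify(links) {
  return links.map((link) => ({
    link,
    naive: naivePrefixCheck(link),
    strict: isGoogleAccountsUrl(link),
  }));
}

for (const row of classify(SAMPLES)) {
  console.log(`${row.strict ? "OK  " : "FAIL"} (naive: ${row.naive})  ${row.link}`);
}
```

The two checks disagree on the second, fourth and fifth links: the naive comparison rejects a differently spelled but genuine address and accepts both lookalike hosts.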
Google also recommends that users enable two-step authentication and browse with Google's own web browser, Chrome.
The Chrome browser works to prevent these phishing attacks by notifying the user if the authenticity of a site can't be confirmed. This feature, which is baked into the Chrome browser, is what tipped Google off to the recent rise in attacks.
Google did not disclose how they discovered these phishing attacks, saying they didn't want to tip off future attackers. They did mention, however, that these attacks are similar to those used in the 2011 security breach of DigiNotar, a website which serves up security certificates. These security certificates are meant to prevent the kinds of attacks which allow hackers to steal information from legitimate websites.
By compromising the certificates' authenticity, hackers in the 2011 attack were able to steal the login information of millions of people. At the time of the attack, Google discovered that the majority of those affected were located in Iran.
The most recent rash of phishing attacks has led Google to believe that Iranian hackers were also behind the 2011 DigiNotar attacks.