Tens of thousands of Gmail accounts belonging to Iranian users have been targeted in an extensive hacking campaign in the weeks leading up to the country’s closely watched presidential elections on Friday, Google Inc. said on Wednesday.
The U.S. internet company, which described the attacks as broad “email-based phishing” attempts seeking to trick unsuspecting Gmail users into giving up their user names and passwords, said they originated in Iran and appeared to be “politically motivated in connection with the Iranian presidential election on Friday.”
Google said it has a policy to alert users to “state-sponsored attacks and other suspicious activity,” but did not identify the perpetrators beyond saying that it appeared to be the same group behind a Gmail hacking campaign in 2011 involving fraudulent digital certificates.
The most recent phishing campaigns began almost three weeks ago, Google said. The “timing and targeting of the campaigns” suggested a connection to the election, Google said without elaborating.
On its security blog on Wednesday, the company posted as screenshot of a phishing email purporting to be from Google administrators. The email, sent from the account “email.Settings@gmail.com,” contained a link to a fake sign-in page that asked for the user’s Gmail credentials.
“Protecting our users’ accounts is one of our top priorities, so we notify targets of state-sponsored attacks and other suspicious activity, and we take other appropriate actions to limit the impact of these attacks on our users,” Google said.
In 2011, a young Iranian student who claimed credit for hacking Gmail accounts belonging to anti-government dissidents told the international press that he acted out of patriotism but denied any connection to the Iranian government.