Google warns of increased Iranian phishing
As an election approaches in Iran, email-based phishing attacks designed to compromise the Google accounts of "tens of thousands of Iranian users" are on the rise. Google has warned of this new wave of attacks, which it believes are politically motivated; the Iranian presidential election is being held on Friday. The company says it has detected and disrupted the campaign and is publishing the warning in line with its policy of notifying targets in state-sponsored attacks or other suspicious activity.
It also believes that the group behind this attack is the same group that compromised SSL CA DigiNotar in August 2011, but notes that this attack is "far more routine". An example given by Google is an email asking the user to add an alternate email address to their account; the link embedded in the email actually takes the user to a fake Google sign-in page where the user name and password can be stolen.
Google asks Iranian users to be on the look out for phishing attacks like this and suggests enabling 2-step verification for Google accounts. The company also suggests ensuring that users have an up-to-date browser installed, presumably to avoid drive-by browser attacks launched from phishing email links.