- June 13, 2013 09:40am EST
For the last three weeks, the search giant said it has "detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users."
The attacks are originating in Iran and are a big jump in the normal volumes of phishing activity Google normally sees there. "The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday," Google said.
The company posted a sample email, which urged users to add an alternate email address to their Google accounts. The message is rather crude - sent from an "[email protected]" account - and encourages users to click a link at the end of message to update their account settings.
Google said it detected activity from the same group of people back in Sept. 2011, when an attacker used a fraudulent SSL certificate issued by DigiNotar to target Internet users in Iran. But this time around, the phishing attacks are "more routine," Google said.
The search giant warned users in Iran to be on the lookout for sketchy emails and encouraged them to sign up for things like two-factor authentication.
Iran has a long history of censoring Web access in the region; in March, there were reports that officials were blocking VPN access, while access to Google services was blocked in October.
