Google Reveals Massive Iranian Phishing Scheme

A suspicious email attack leads to...nothing?

Government email spying in the United States may have all the headlines, but America hardly has a monopoly on privacy violations. Last Wednesday, Google revealed a massive phishing scheme against users of Google products in Iran.

Phishing is the malevolent cousin of spam email. A phishing email looks legitimate and contains a link that sends users to a page perfectly mimicking the actual official page, which then asks for login information. It’s a technique criminals commonly use to get bank account information, but it can also give attackers access to a user’s email, allowing them to log in as the user and find everything normally kept away under lock and password. It’s a costly problem for businesses. It’s even more devastating for political activists; a government that can read activists’ email can probably find statements of “propaganda against the system,” which is both loosely defined and, in Iran, a criminal offense.

In the three weeks leading up to the Iranian presidential election, tens of thousands of phishing emails were sent to Google users in Iran. The email appeared to come from an email settings account at Gmail, which looked legitimate enough. The email asked users to provide a second, backup email for the account, and contained a misleading link. Users who followed that link were prompted to enter account information, which the attacker would keep.

Google revealed the Iranian phishing attack last Wednesday, which was ominously timed in advance of the presidential election on Friday. Google is keeping quiet about how it detected the attack, so as not to tip off future attackers. And while the source of the attack is not known, the timing and the attacks’ origin within Iran suggest it came from the Iranian government, Google says. As soon as Google detected the attack, it notified the targeted people, warned of phishing, and recommended two-step authentication.

It’s unclear how the attackers intend to use this information. The election went smoothly. The most moderate of the six candidates won, and unlike the protests that animated Iran following the messy 2009 election, this election was peacefully celebrated. The Supreme Leader of Iran accepted the results even though his preferred candidate didn’t win. Google believes the target selection was “politically motivated,” but whatever information was gained from the targeted phishing attempt, it certainly wasn’t used this weekend.

Perhaps the Iranian government, or whoever is behind the attacks, is just collecting information through questionable means without a specific offense in mind, to be used later. Perhaps Iran and the United States aren’t that dissimilar after all.