Google detects Iran phishing attacks ahead of election
Google says it has detected and stopped thousands of phishing attacks targeting email accounts of Iranian users ahead of the 14 June presidential election.
In an online statement, the firm said it had noticed a "significant jump" in the region's overall volume of phishing activity in the last three weeks.
The timing and targets suggested the attacks were "politically motivated".
Friday's poll is the first since 2009 when President Mahmoud Ahmadinejad won a controversial second term.
The election had triggered angry protests, with voters accusing Mr Ahmadinejad's camp of rigging the results in his favour.Fake sign-in page
Google's vice-president of security engineering, Eric Grosse, said the phishing attacks originated from within Iran.
Phishing attempts to obtain passwords and other private computing information by directing users to fake websites.
"For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users," he said.
It is not the first time that Iranian internet users have come under cyber-attack, but there seems to have been a surge in recent days, which could be related to the presidential election.
Usually the targets of these attacks are journalists or activists, both in Iran and abroad - including many BBC Persian staff in London.
Since the disputed election of 2009, the Iranian authorities have tightened access to the internet, because of its widespread use by protestors at the time. At times of possible unrest, the internet in Iran has almost come to a halt.
As well as phishing campaigns, BBC Persian has seen many recent complaints on Iranian social media sites that the internet has become extremely slow.
But if this is indeed an attempt by the authorities to block the flow of information into and out of the country, then it doesn't appear to be working. Over the past few days BBC Persian has received many emails, photographs and videos from people inside Iran charting the final days of the election campaign.
"The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday."
Mr Grosse said victims targeted in the attacks had received an email containing a link to a web page purporting to perform account maintenance.
If they clicked the link, they were taken to a fake Google sign-in page, which would steal their username and password.
The threat was detected by a phishing detection feature added to the firm's Chrome web browser in 2012.
Mr Grosse warned Iranian users to take extra measures to protect their accounts from "state-sponsored attacks".
In the latest case, users received a message which appeared to come from Google itself using the official-looking address: firstname.lastname@example.org.
It suggested they assign an extra email address to their existing Google account to make password recovery easier.
The bogus link they were asked to click also contained the search firm's name adding to the appearance of authenticity, Google says.
However, the attempt was spotted by a Safe Browsing feature added to Google's Chrome browser last year.
Most of the six candidates in Friday's election are conservatives close to Ayatollah Khamenei.
The opposition says more than 80 of its supporters were killed in a crackdown over a period of six months after the 2009 election - a figure the government disputes. Several have been sentenced to death, and dozens jailed.
The two reformist candidates from 2009 - Mir Hossein Mousavi and Mehdi Karroubi - remain under house arrest.