Modernizing Authentication — What It Takes to Transform Secure Access
In a recent blog post, Eric Grosse, Google's vice president of security engineering, reported that the company has detected and disrupted several e-mail based phishing campaigns, originating from within Iran, that target tens of thousands of Iranian users.
Grosse says the timing and targeting of the campaigns, which represent a significant jump in phishing activity in the region, suggest they're politically motivation in connection with today's Iranian presidential election.
The phishing attacks, according to Grosse, involve an e-mail linking to a Web page that claims to offer a way to perform account maintenance and asks for the user's Google user name and password.
"Especially if you are in Iran, we encourage you to take extra steps to protect your account," Grosse writes. "Watching out for phishing, using a modern browser like Chrome and enabling 2-step verification can make you significantly more secure against these and many other types of attacks."
"Also, before typing your Google password, always verify that the URL in the address bar of your browser begins with https://accounts.google.com/," Grosse adds. "If the website's address does not match this text, please don’t enter your Google password."