In the lead-up to Iran's presidential elections, which kicked off Friday, tens of thousands of Iranians fell victim to a series of targeted cyberattacks on their Gmail accounts.
The timing of the attack suggests the attacks are politically motivated, said Google's Eric Gross, the vice president of security engineering, in a blog post.
Google has detected a significant jump in phishing activity in the region during the past three weeks. The messages appear to be sent from Google and provide a link where users can make changes to their account settings. If the user clicks on the link, they are presented with a fake Google sign-in page where the hacker can steal victims' usernames and passwords.
This phishing campaign does not appear to place any malware on the victims' systems or employ any sophisticated tactics. The search giant has also been able to disrupt a number of the email scams.
But it doesn't take much -- attackers could have unlocked a trove of information from their victims, accessing all of their emails, Google documents and Google chats.
"Gmail credentials are the keys to the kingdom," said Roel Schouwenberg, a senior researcher at Kaspersky Labs.
The scam emails have been sent to tens of thousands of Iranian Google users and Schouwenberg said this number is "very substantial" for a targeted campaign like this one.
During election season,Iran has a history of censoring certain websites, such as Google, Facebook and Twitter. The country has also completely cut off its citizens' access to the Internet at times.
But security researchers note that obtaining data through phishing scams can sometimes be more useful than completely shutting off the flow of information.
"Keeping communication open and eavesdropping on that kind of communication is often preferred," Schouwenberg said.