This story about how Iran resets your Gmail password may be a bit disconcerting to those who have never thought of this possibility:
Iran’s ability to infiltrate or even crash rival government systems, including alleged threats to the electrical grid, has “alarmed” U.S. officials over the past few years. But the most recent phishing attacks are a sign Iranian hackers are using these much more targeted techniques, too—on everyone from secular voices in Iran to nonprofit workers in the U.S.
One tip-off you’re being targeted for an attack? If you receive a fake “unexpected sign-in attempt” notice that says an attempt was made to log in to your account from “The Iran.” The alert could come from a text or, in Hakakian’s case, an email.
This email is sent by the hacker, not Google. But Google will eventually send an authentic verification code to your phone—which is intercepted by hackers in the process, giving them access to your account.
“For this attack to work, the attackers must actively monitor the phishing page. Once the target enters their password into the phishing site the attackers likely use the credential to attempt to log in to GMail. The attacker’s login attempt then triggers the sending of a code from real Google to the target,” the report states. “They then wait for the target to enter the 2FA code from Google.”
Another version of the attack includes a phone call and an interview request from an English or Farsi speaker who claims to be from the news agency Reuters. When hackers sent their phishing email to Electronic Frontier Foundation director Jillian York after their phone call—which included specific details about her previous work—the news agency was misspelled “Reuturers.”
Eventually, the email would coax victims into opening a document pertaining to the phone call from “Reuters Tech Dep.” Clicking the link would start the two-step verification hack.