“The ongoing attacks attempt to circumvent the extra protections conferred by two-factor authentication in Gmail, and rely heavily on phone-call based phishing and ‘real time’ login attempts by the attackers,” the report read.
Two-factor authentication is a process where a user sets up not only a password and username, but also another piece of information for an extra layer of security.
According to the report, Iranian hackers have set up an “elaborate” phishing operation to target the Iranian diaspora and at least one Western activist.
In order for these two-factor authentication targeted attacks to succeed, the alleged Iranian hackers must obtain the targets’ password and single-user codes.
According to the report, the alleged Iranian hackers obtain the passwords first through text messages and phishing password reset pages, where they then collect the information and take over the account.
Additionally, the report said the hackers also attempted to gain access to their targets’ Gmail accounts by posing as journalists. In some instances the hackers made calls to users pitching fake business proposals that they would then send to their Gmail with a fake Google Drive link.