Phishing

An example of penetrating the Telegram account of a reporter by stealing the authentication codes sent via text.

Phishing is a type of attack that tricks the users into providing passwords to the victim’s account.87 In this type of attack, the attacker uses information they have about the user, such as their contact list or interests, gains the victim’s trust, and then leads the victim to a bait.

Phishing is one of the oldest techniques used by Iranian intelligence and security forces to access user accounts. Usually this deception is carried out by sending an email, or through a chat on Facebook, or now, increasingly, via the mobile messaging application Telegram, which is heavily used by Iranians. Typically, journalists and activists are targeted, so that the authorities can monitor their communications and contacts, or block the account if they do not have access to the person for questioning (for example if the target resides outside the country and they wish to disrupt communication between that person and individuals inside the country).

In the case of phishing emails, while many email service providers such as Google and Yahoo identify and block these emails, when phishing links are blocked, hackers continuously change their links to attack their targets.

State-sponsored phishing attacks are not limited to users inside the country. For example, in September 2016, the Gmail accounts of Iranian journalists at Radio Farda and Deutsche Welle were successfully attacked.88